
Re: [oracle-l] Re: Oracle HTTP Server Cross Site Scripting Vulnerability

From: Pete Finnigan <oracle_list_at_peterfinnigan.demon.co.uk>
Date: Wed, 28 Jan 2004 22:02:26 +0000
Message-ID: <n9MpHPAyFDGABxUk@peterfinnigan.demon.co.uk>


>
>This leads to 2 questions:
>1) What is iSQL used for? (this is my laptop and mostly a work/presentation
>machine)
>2) In WinXP, I found a line in the file that says "include
>C:\oracle\ora92\sqlplus\admin\isqlplus.conf". If I remove this line, will that
>stop iSQL from starting?
>
>Daniel Fink

Hi Daniel,

iSQL*Plus is a web-based version of SQL*Plus. There are a number of other known security issues with it; I cover some in the SANS Step-by-step book. These are, I think, also covered in the CIS benchmark - you can find a link to that at http://www.petefinnigan.com/orasec.htm - in the checklist section.

If you comment the line as follows:

#
#include "C:\oracle\ora90\sqlplus\admin\isqlplus.conf"
#

in %ORACLE_HOME%/Apache/Apache/conf/oracle_apache.conf, save the file and then restart the Apache service, iSQL*Plus will no longer work.

hth

kind regards

Pete

-- 
Pete Finnigan
email:pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.

Received on Wed Jan 28 2004 - 16:02:26 CST
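
A check for the change described in the message above, as an added example that is not part of the original post: it reports any include of isqlplus.conf that is still active in the text of oracle_apache.conf. The function name and the sample configuration text are assumptions constructed for illustration.

```python
import re

# Apache directive names are case-insensitive, and a line is a comment only
# when its first non-blank character is '#'. The path may be quoted or not.
INCLUDE_RE = re.compile(r'^\s*include\s+"?([^"]+?)"?\s*$', re.IGNORECASE)


def active_isqlplus_includes(conf_text):
    """Return (line_number, path) for each uncommented include of isqlplus.conf."""
    hits = []
    for number, line in enumerate(conf_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented out, as in the message above
        match = INCLUDE_RE.match(line)
        if not match:
            continue  # some other directive, or a blank line
        path = match.group(1)
        # Compare only the file name, accepting either path separator.
        if re.split(r"[\\/]", path)[-1].lower() == "isqlplus.conf":
            hits.append((number, path))
    return hits


# Constructed sample text, not a real oracle_apache.conf.
SAMPLE_ENABLED = "\n".join([
    r'# constructed sample',
    r'include "C:\example\other.conf"',
    r'Include "C:\oracle\ora90\sqlplus\admin\isqlplus.conf"',
])

# The same file after the edit described in the message.
SAMPLE_DISABLED = "\n".join([
    r'# constructed sample',
    r'include "C:\example\other.conf"',
    r'#',
    r'#include "C:\oracle\ora90\sqlplus\admin\isqlplus.conf"',
    r'#',
])

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_ENABLED), ("after", SAMPLE_DISABLED)):
        found = active_isqlplus_includes(text)
        state = "still included" if found else "not included"
        print(f"{label}: iSQL*Plus config {state} {found}")
```

The check reads only the file contents; the Apache service still has to be restarted for the edit to take effect.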
