RE: is it ok to tighten up extproc security?

I recall having to use extproc a long time ago. It was required for doing searches within LONG datatype and text based indexes columns.  

I doubt Peoplesoft uses it, but someone might have created a stored procedure.  

See note NOTE:436826.1      

From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Bradd Piontek
Sent: Friday, November 14, 2008 9:12 AM
To: dannorris_at_dannorris.com
Cc: Oracle L
Subject: Re: is it ok to tighten up extproc security?  

I"m pretty sure you can check the listener log for any access to the EXTPROC process as well.

Bradd Piontek
  "Next to doing a good job yourself,

        the greatest joy is in having someone 
        else do a first-class job under your  
        direction."

• William Feather

On Fri, Nov 14, 2008 at 8:51 AM, Dan Norris <dannorris_at_dannorris.com> wrote:

Sounds like everyone's recommending just removing it. Just in case you're the one site using extproc callouts, you might want to check dba_libraries to see if any have been registered. I'm not positive that an empty dba_libraries means that you're in the clear, but I'm pretty sure you'll see some obviously custom entries in there if someone has created a library for callouts.

I don't believe that Peoplesoft uses any extproc callouts (it sort of violates their "database-independent implementation" style).

Of course, you could just comment it out and wait for the phone to ring. That's probably what I'd do :).

Dan  

--
http://www.freelists.org/webpage/oracle-l