Re: mitigation of oracle/aurora/util/Wrapper and dbms_jvm_exp_perms security issues

From: Paul M. Wright <oracle_at_ukcert.org.uk>
Date: Thu, 25 Feb 2010 05:45:26 +0000
Message-ID: <4B860E76.4020606_at_ukcert.org.uk>



To fix Java/Oracle issues with low risk of causing a loss of current functionality (e.g. XDB and Datapump), need to monitor the DB/Application's behaviour beforehand so it can be understood, and then the effect of the change can be predicted prior to enacting the fix. More details on how to do this in updated SecuringJavaInOracle paper at http://www.oraclesecurity.com/
Cheers,
Paul

Niall Litchfield wrote:

> There are a fair few people who use things like xdb etc that use java
> behind the scenes.
> 

>> On Feb 24, 2010 4:44 PM, "Allen, Brandon" <Brandon.Allen_at_oneneck.com
>> <mailto:Brandon.Allen_at_oneneck.com>> wrote:
>>
>> Just another option to consider - donít install Java in your database
>> to begin with. I think a lot of people install it because itís
>> included by default from the DBCA, but most people probably donít
>> really use it at all.
>>
>>
>>
>> Regards,
>>
>> Brandon
>>
>>
>>
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------
>> Privileged/Confidential Information may be contained in this message
>> or attachments hereto. Please advise immediately if you or your
>> employer do not consent to Internet email for messages of this kind.
>> Opinions, conclusions and other information in this message that do
>> not relate to the official business of this company shall be
>> understood as neither given nor endorsed by it.
>
--
http://www.freelists.org/webpage/oracle-l
Received on Wed Feb 24 2010 - 23:45:26 CST

Original text of this message