Re: mitigation of oracle/aurora/util/Wrapper and dbms_jvm_exp_perms security issues
Date: Thu, 25 Feb 2010 21:12:34 +0000
On 24/02/10 17:36, Allen, Brandon wrote:
> Yes, agreed, but Iíd guess thatís a very small minority of all Oracle
> databases, although I have nothing to base that on other than my
> personal experience (Iíve never used XDB). Certainly those who /need/
> Java should have it installed, but I just think it shouldnít be included
> by default.
From my personal experience I can tell you that there are a lot of databases out there that were installed with _all_ possible options installed, regardless of license status. It's just so easy to fire up dbca and click next-next-next and end up having 18 or so lines in dba_server_registry. Not only a licensing problem but can also can cause severe upgrade headaches with entire component groups invalid.
Quite often such databases don't have their dictionaries patched either.... I have to admit though that such environments generally suffered from a lack of attention or even complete absence of the caring hands of a DBA. Packaged applications using Oracle as a backend come to mind .... I predict it won't be long until universities struggle with hacked systems....
-- Martin Bach OCM 10g http://martincarstenbach.wordpress.com http://www.linkedin.com/in/martincarstenbach -- http://www.freelists.org/webpage/oracle-lReceived on Thu Feb 25 2010 - 15:12:34 CST