Re: Question - Fusion Middleware inside Cloud Control or no?

From: Tim Hall <tim_at_oracle-base.com>
Date: Tue, 17 Nov 2015 15:07:12 +0000
Message-ID: <CAP=5zEgtWba+zAmqEJ+rDGQrsivOA_sevn2SZ5yaspgLEWSaOg_at_mail.gmail.com>

Hi.

I'm not sure I understand the point you are getting at with the first bit... :) Moving on to the bit I do understand...

"The conclusion reasonably must be to fix the problem"

Not necessarily. This gets back to my point about the attitude of,

"always apply all patches to all systems all the time"

If there is still a risk after you have fenced off the server, then you still have a problem and *must* fix it. If there is no risk after the server is fenced off, "The conclusion reasonably must be to fix the problem", is totally not a correct statement. It is your preference...

We in IT have got into this habit of thinking if we don't apply patches immediately, we are at risk. In some cases, applying the patches is what puts you at risk. Think of all those lovely new openssl errors that were released over the years, while to very old openssl implementations remained rock solid. :)

Scenarios where patching is mandatory IMHO are:

When not patching puts you are risk. This may not be the case in FMW depending on how you deploy apps, including EM. Firewalls blocking off access to insecure internal comms and load balancers or reverse proxies providing SSL termination for web applications mitigate a massive number of issues. Allowing direct access to application servers has been bad news for ... ever... :)
When not patching invalidates your support agreement with the vendor.

Everything else comes down to preference really. I am happy to patch regularly when patching is:

Easy and doesn't take half of my life to complete.
Does not break my stuff. :)

This issue we are discussing is a classic example where applying the patch is totally the wrong thing to do IMHO, because the effort involved is not worth the pay-off. I would be more concerned with making sure other factors (firewall and SSL termination before reaching the app server) were sorted. By the time you get is working and "safe", there will probably be as 12.1.0.6 that hopefully uses a more up to date WebLogic and Java version. Probably not 12.2.1 and Java8 though. :)

Cheers

Tim...

--
http://www.freelists.org/webpage/oracle-l

Received on Tue Nov 17 2015 - 16:07:12 CET

This message: [ Message body ]
Next message: Svetoslav Gyurov: "Re: Solved: Exacheck reports "FAIL Storage Server Check Exadata Smart Flash Cache should be actually used""
Previous message: Dominic Brooks: "RE: dbms_stats.gather_schema_stats does not finish."
In reply to: Chris Taylor: "Re: Question - Fusion Middleware inside Cloud Control or no?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message