Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: java stored procedures fast, but slow when called as SQL function

Re: java stored procedures fast, but slow when called as SQL function

From: Noons <wizofoz2k_at_yahoo.com.au.nospam>
Date: 16 Apr 2003 10:38:08 GMT
Message-ID: <Xns935FD1BD1592ETokenthis@210.49.20.254> 





Following up on Norman Dunbar, 16 Apr 2003:



> Yep, that's where I hail from - ICL 1900 mainframes running DME/George

> 2+ followed by ICL2966/3945/3935 runing VME, VME(X) and Open VME. Them

> were the days !





ICL eh?  I cut my teeth in Fortran on an ICL 4130.
A "Scientific computer", used by one of the local research
departments.  Can't remember what the OS was.
Never played VME, but a friend did and he swears by it.



> 

> Now then, if the JVM isolates everything from the OS, then how come

> Oracle Support here in the UK are able to get me to run a Java app which

> allows them to see my desktop and watch my TARs doing what they do best

> - falling over ?





They may have a Java app that runs in its own JVM, with a custom 
authorized class that accesses the GUI to show the contents of 
the screen.  That's kosher.  Custom classes (think of them as 
"extensions") can be written to do anything you want with the 
native OS.  Theoretically, in any language.  It's up to you to 
use or not use them.  And of course these classes must be loaded 
somewhere.



If you don't do both, then the default JVM guarantees your 
program cannot "accidentaly" step outside the sandbox.




This BTW is one of the ways for possible "viruses" to stuff
up a system.   If a malicious intruder finds a way to include 
one of these classes into a folder in your CLASSPATH,
any malicious Java program that references the class will find 
it and can do nasty things.  And you won't notice because
your programs do not ever use that class.  Of course the trick is
in getting the offending class into that folder.  Number of ways
to do that in Windows, but not easy.




Incidentally, something I learned the hard way: never, NEVER install 
windows into the default folder, C:\WINDOWS.  ALWAYS change the name
of the folder.  Call it C:\MYWINDOZE, or something like that.
Simplest and safest way to avoid attacks that rely on your
system using M$ default names. You can't do it after the fact.
It's gotta be done during the install.




The JVM sandbox is effective, but it can be side-stepped
with custom "authorized" code.  My guess is that with Oracle 
going more and more into Java you'll find this "sandbox-sidestep" 
kind of program becoming bread and butter.  I'm not sure if 
that is good or not, but it works.  There is some really 
nifty stuff out there.



No Java developer here either (at least not full time), but
I sit in the same room with one of the best I've ever seen.  
This guy really knows his stuff.  Learned a lot with him.
Still doing it.



-- 
Cheers
Nuno Souto
wizofoz2k_at_yahoo.com.au.nospam


Received on Wed Apr 16 2003 - 05:38:08 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US