Re: PHP5 and Oracle 10g

From: Mladen Gogala <gogala_at_sbcglobal.net>
Date: Sat, 17 Dec 2005 07:05:56 GMT
Message-Id: <pan.2005.12.17.07.05.55.747858@sbcglobal.net>

On Fri, 16 Dec 2005 22:43:01 -0500, PHPguy wrote:

> 
> 
> Mladen Gogala wrote:

>> On Fri, 16 Dec 2005 20:21:39 -0500, PHPguy wrote:
>>
>>

>>>Which ones would they be since sqlplus and tnsping are working.

>>
>>
>> I've had this configuration working on Linux, Windows and Solaris.
>> On Linux, I'm using the following script to start the Apache server:
>>
>> $ cat /etc/init.d/apache
>> #!/bin/sh
>>
>> # httpd Startup script for the Apache HTTP Server
>> #
>> # chkconfig: - 85 15
>> # description: Apache is a World Wide Web server. It is used to serve \
>> # HTML files and CGI.
>> # processname: httpd
>> # config: /opt/apache/conf/httpd.conf
>> APACHE_HOME=/opt/apache
>> # ORACLE_HOME=/oracle/product/client
>> ORACLE_HOME=/oracle/product/10g
>> TNS_ADMIN=$ORACLE_HOME/network/admin
>> TWO_TASK=local
>> PATH=$APACHE_HOME/bin:$PATH
>> LD_LIBRARY_PATH=$ORACLE_HOME/lib
>> LOCK=/var/lock/subsys/apache
>> LANG=en_US
>> export TNS_ADMIN ORACLE_HOME TWO_TASK
>> export APACHE_HOME PATH LD_LIBRARY_PATH
>> export LANG
>> case "$1" in
>> start)
>> apachectl start
>> touch $LOCK
>> ;;
>> stop)
>> apachectl stop
>> rm -f $LOCK
>> ;;
>> restart)
>> apachectl restart
>> ;;
>> esac;
>> $
>>
>> My version of PHP5 was downloaded, compiled and configured manually,
>> without any packages or RPM stuff. I'll have to confess that I don't
>> trust the prepackaged versions.
>>
>> Can you, please, publish the output of the phpinfo() executed in the web
>> server. In my case, the output looks like this:

> 
> 
> 
> PHP Logo
> PHP Version 5.1.1
>

OK. Everything looks right, except register_globals, but that has nothing to do with the problem. There is one catch with Oracle 10.2 that is probably causing your problem: the user "nobody", used to spawn httpd processes probably doesn't have access to $ORACLE_HOME directory and its subdirectories, the $TNS_ADMIN directory in particular. You should fix protection on all subdirectories of $ORACLE_BASE needed to reach the $TNS_ADMIN and $ORACLE_HOME/lib. Alternatively, although I would advise against it, you could do something like: find $ORACLE_BASE -type d -exec chmod o=+rx {} \;

I had that magic problem with Oracle 10.2 and I couldn't connect until I haven't had my protections fixed. I had to truss the httpd processes and see what's happening as it looked like a bad black magic. Simple chmod fixed the problem.

Now back to register_globals: I'm sure you're aware of the fact that the general security advice is to turn this off as it can be used for injection type attacks?

-- 
http://www.mgogala.com

Received on Sat Dec 17 2005 - 01:05:56 CST