Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: [oracle-l] Re: Oracle HTTP Server Cross Site Scripting Vulner abillity

Re: [oracle-l] Re: Oracle HTTP Server Cross Site Scripting Vulner abillity

From: Daniel Fink <Daniel.Fink_at_Sun.COM>
Date: Wed, 28 Jan 2004 08:39:27 -0700
Message-id: <4017D7AF.FECFF4C0@sun.com> 





I recently had a problem on my WinXP pc and a conflict with isqlplus. The HTTP
server would attempt to start isqlplus and fail. This was repeated several
times until the maximum number of restarts was reached. So the server started
writing "max # of restarts reached" to the error log...and did not stop. I
found it when the disk filled up with a 4G log file! I finally deinstalled the
3rd party software that was causing the problem.



This leads to 2 questions:


1) What is iSQL used for? (this is my laptop and mostly a work/presentation
machine)


2) In WinXP, I found a line in the file that says "include
C:\oracle\ora92\sqlplus\admin\isqlplus.conf". If I remove this line, will that
stop iSQL from starting?



Daniel Fink



"Jesse, Rich" wrote:



> Or, just comment out the startup of "isqlplus" from

> $ORACLE_HOME/Apache/Apache/conf/oracle_apache.conf (on Unixish servers).

> For example, I'd just like to use the UltraSearch functionality, so iSQL

> isn't needed.

>

> Rich

>

> Rich Jesse                        System/Database Administrator

> rich.jesse_at_qtiworld.com           Quad/Tech International, Sussex, WI USA

>

> -----Original Message-----

> From: MacGregor, Ian A. [mailto:ian_at_SLAC.Stanford.EDU]

> Sent: Tuesday, January 27, 2004 7:34 PM

> To: 'oracle-l_at_freelists.org'

> Subject: [oracle-l] Re: Oracle HTTP Server Cross Site Scripting

> Vulnerabil lity

>

> How many people actually run the HTTP server which comes with the database?

> Isn't that pleading for someone to commit mischief.  It was too long ago

> that an SSL problem  was announced also dealing with the HTTP server.  The

> attack vector employs iSQL is that only available through the "database"

> HTTP server or can it be run via iAS.

>

> Ian MacGregor

> Stanford Linear Accelerator Center

> ian_at_slac.stanford.edu

> ----------------------------------------------------------------

> Please see the official ORACLE-L FAQ: http://www.orafaq.com

> ----------------------------------------------------------------

> To unsubscribe send email to:  oracle-l-request_at_freelists.org

> put 'unsubscribe' in the subject line.

> --

> Archives are at http://www.freelists.org/archives/oracle-l/

> FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html

> -----------------------------------------------------------------






Please see the official ORACLE-L FAQ: http://www.orafaq.com




To unsubscribe send email to:  oracle-l-request_at_freelists.org
put 'unsubscribe' in the subject line.

--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------


Received on Wed Jan 28 2004 - 09:39:27 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US