RE: [oracle-l] Re: Oracle HTTP Server Cross Site Scripting Vulnerability
Or, just comment out the startup of "isqlplus" from
$ORACLE_HOME/Apache/Apache/conf/oracle_apache.conf (on Unixish servers).
For example, I'd just like to use the UltraSearch functionality, so iSQL
isn't needed.
Rich
Rich Jesse, System/Database Administrator, rich.jesse_at_qtiworld.com
Quad/Tech International, Sussex, WI USA
-----Original Message-----
From: MacGregor, Ian A. [mailto:ian_at_SLAC.Stanford.EDU]
Sent: Tuesday, January 27, 2004 7:34 PM
To: 'oracle-l_at_freelists.org'
Subject: [oracle-l] Re: Oracle HTTP Server Cross Site Scripting Vulnerability
How many people actually run the HTTP server which comes with the database? Isn't that pleading for someone to commit mischief? It was too long ago that an SSL problem was announced also dealing with the HTTP server. The attack vector employs iSQL; is that only available through the "database" HTTP server, or can it be run via iAS?
Ian MacGregor
Stanford Linear Accelerator Center
ian_at_slac.stanford.edu
--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
Received on Wed Jan 28 2004 - 09:07:45 CST
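One way to verify the change suggested in the reply above, as an added example that is not part of the original messages: a POSIX shell check that reports whether any uncommented include line in oracle_apache.conf still loads a given component. It assumes components are started by Apache-style `include` lines and disabled with a leading `#`; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit oracle_apache.conf for components that are still loaded.
# Assumption: each component is started by an "include" line and is disabled
# by commenting that line out with '#'.

# Print "<line number>: <line>" for every active include line whose text
# mentions the component name (case-insensitive).
active_includes() {
    awk -v comp="$2" '
        /^[ \t]*#/ { next }    # commented out, so not loaded
        tolower($1) == "include" && index(tolower($0), tolower(comp)) {
            printf "%d: %s\n", NR, $0
        }' "$1"
}

# Succeeds (exit status 0) only when no active include mentions the component.
component_disabled() {
    [ -z "$(active_includes "$1" "$2")" ]
}

# Write a constructed sample configuration; the paths are placeholders.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real oracle_apache.conf
include "/opt/example/ultrasearch/ultrasearch.conf"
#include "/opt/example/sqlplus/admin/isqlplus.conf"
  Include "/opt/example/xdk/admin/xml.conf"
EOF
}

# Usage: sh check_component.sh /path/to/oracle_apache.conf [component]
if [ "$#" -gt 0 ]; then
    comp=${2:-isqlplus}
    if component_disabled "$1" "$comp"; then
        echo "OK: no active include for $comp in $1"
    else
        echo "STILL LOADED: $comp"
        active_includes "$1" "$comp"
        exit 1
    fi
fi
```

The HTTP server only rereads the file on restart, so a clean result describes the configuration on disk, not necessarily the running process.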