
Security Characteristics of the Configuration




The configuration we've established here accomplishes two important security objectives:

· It allows the system administrator to run the external procedure listener as a user account with limited privileges. By default, the listener would run as the account that runs the Oracle server.

· It limits the external procedure listener to accept only IPC connections from the local machine, as opposed to TCP/IP connections from anywhere.

But we're not quite done. The tnsnames.ora file for the database in which the callout originates will need an entry like the following:

EXTPROC_CONNECTION_DATA =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = IPC)(KEY = extprocKey))
    (CONNECT_DATA = (SID = extprocSID) (PRESENTATION = RO))
  )

You'll recognize most of these settings from the earlier listener configuration. Note that the values you used in the listener for extprocKey and extprocSID must match their respective values here. The optional PRESENTATION setting is intended to improve performance a bit; it tells the server, which might be listening for different protocols, to assume that the client wants to communicate using the protocol known as "RemoteOps" (hence the RO).
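The two properties described above, an IPC-only external procedure listener and key/SID values that agree between listener.ora and tnsnames.ora, can be checked mechanically. The following Python script is an added example, not code from the original text; the listener name EXTPROC_LSNR and both sample file contents are constructed assumptions.

```python
import re
# Constructed sample files; listener name, key and SID are assumed values.
LISTENER_ORA = """
EXTPROC_LSNR =
  (ADDRESS_LIST = (ADDRESS = (PROTOCOL = ipc)(KEY = extprocKey)))
SID_LIST_EXTPROC_LSNR =
  (SID_LIST = (SID_DESC = (SID_NAME = extprocSID)(PROGRAM = extproc)))
"""
TNSNAMES_ORA = """
EXTPROC_CONNECTION_DATA =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = IPC)(KEY = extprocKey))
    (CONNECT_DATA = (SID = extprocSID)(PRESENTATION = RO))
  )
"""

def entry(text, name):
    """Return the balanced (...) value assigned to a top-level name."""
    m = re.search(r"^\s*%s\s*=\s*\(" % re.escape(name), text, re.I | re.M)
    if not m:
        return ""
    start, depth = m.end() - 1, 0
    for i in range(start, len(text)):
        depth += {"(": 1, ")": -1}.get(text[i], 0)
        if depth == 0:
            return text[start:i + 1]
    return ""  # unbalanced parentheses

def leaves(block, key):
    """All values of innermost (KEY = value) pairs; key match ignores case."""
    return re.findall(r"\(\s*%s\s*=\s*([^()\s]+)\s*\)" % key, block, re.I)

def audit(listener_ora, tnsnames_ora, lsnr):
    """Return a list of findings; an empty list means the files agree."""
    addr, sids = entry(listener_ora, lsnr), entry(listener_ora, "SID_LIST_" + lsnr)
    tns = entry(tnsnames_ora, "EXTPROC_CONNECTION_DATA")
    out = []
    if not tns:
        out.append("tnsnames.ora has no EXTPROC_CONNECTION_DATA entry")
    bad = [p for p in leaves(addr, "PROTOCOL") if p.upper() != "IPC"]
    if bad or not leaves(addr, "PROTOCOL"):
        out.append("listener is not IPC-only: %s" % (bad or "no addresses"))
    if set(leaves(tns, "KEY")) - set(leaves(addr, "KEY")):  # compared as written
        out.append("tnsnames KEY not served by listener")
    if set(leaves(tns, "SID")) - set(leaves(sids, "SID_NAME")):
        out.append("tnsnames SID not in listener SID_LIST")
    return out
```

Calling audit() with the contents of the real files and the actual listener name returns one line per mismatch, so it can run as a configuration check after any change to either file.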

You'll want to be careful about what privileges the supplemental listener account has, especially regarding its rights to modify files owned by the operating system or by the oracle account. Also, by setting the TNS_ADMIN environment variable on Unix (or in the registry of a Microsoft operating system), you can relocate the external procedure listener's listener.ora and sqlnet.ora files to a separate directory. This may be another aspect of an overall approach to security.

Setting up these configuration files and creating supplemental OS-level user accounts may seem rather distant from day-to-day PL/SQL programming, but these days, security is everybody's business!

Oracle professionals should keep up with Oracle's security alerts page at http://otn.oracle.com/deploy/security/alerts.htm. The external procedures problem I mentioned back in Section 23.2.1 appears as alert number 29, but every Oracle shop should review the entire list of issues to discover what workarounds or patches to employ.

 

 





Date added: 2015-10-01

