RE: Best practice for Oracle clients with a single instance database

Richard,

The first theory regarding database server security is to not let someone 
access the server first and then the software stack second.

By reusing the Oracle Home, we are allowing this other unix account (where the 
application lives) access to the database software.  This potentially allows 
then access to things that they need not have access to.  Sure, we can play 
with unix security to shut things down.  But I don't want to be doing 
onesy-twosy changes to make this work when there is another simpler solution.

By creating the second OH, we allow this account to a directory of software 
where they can do less damage.

That is my thinking.  We can disagree.  But I have never had an issue with 
Oracle client software misbehaving for any reason.

Just my 2 cents.

Tom


From: Goulet, Richard [mailto:Richard.Goulet@xxxxxxxxxxx]
Sent: Wednesday, January 19, 2011 8:32 AM
To: Mercadante, Thomas F (LABOR); pjhoraclel@xxxxxxxxx
Cc: oracle-l
Subject: RE: Best practice for Oracle clients with a single instance database

Thomas and all,

    I will disagree.  Let the app use the same Oracle_Home especially since 
that's the way it's normally set up.  Why have 2 homes to maintain when you 
have to shutdown the app when you upgrade either.  There is also the fun when 
something does go wrong as to which libraries are being used by whom.


Dick Goulet
Senior Oracle DBA


________________________________
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On 
Behalf Of Mercadante, Thomas F (LABOR)
Sent: Wednesday, January 19, 2011 8:12 AM
To: pjhoraclel@xxxxxxxxx
Cc: oracle-l
Subject: RE: Best practice for Oracle clients with a single instance database
Peter,

I agree with Safra.

The absolute best practice is to run the application on a separate server.

But given that this probably can't happen, I would install the Oracle client as 
a separate Oracle home on the DB server.  This way, you can control security of 
the Database Oracle home better - don't let the application account even get 
there.

Tom


From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On 
Behalf Of Harel Safra
Sent: Wednesday, January 19, 2011 7:24 AM
To: pjhoraclel@xxxxxxxxx
Cc: oracle-l
Subject: Re: Best practice for Oracle clients with a single instance database


I'd install two homes for the advantages you specified.

Harel Safra
Sent from my phone
On Jan 19, 2011 12:27 PM, "Peter Hitchman" 
<pjhoraclel@xxxxxxxxx<mailto:pjhoraclel@xxxxxxxxx>> wrote:
> Hi,
> Having over the past couple of years started to work with RAC, where
> the application code runs from another server with an Oracle client
> install, I am back setting up a single instance where the application
> code will run on the
> same machine. It occurred to me that it might make sense to still
> install an Oracle runtime or instant client for the application to
> use, as well as the database install, because that way I could
> upgrade one without interfering with the other. On the down side it
> means there will be an extra oracle home to maintain and if the
> releases are different, I might run into issues with the oraenv/dbhome
> programmes.
>
> What do most people out there do, with single instance set-ups?
>
> Thanks
> Pete
> --
> http://www.freelists.org/webpage/oracle-l
>
>

Other related posts: