Re: Metalink Fiasco

• From: Nuno Souto <dbvision@xxxxxxxxxxxx>
• Date: Thu, 12 Nov 2009 19:29:39 +1100

Jared Still wrote,on my timestamp of 12/11/2009 3:37 AM:

Lots of anti-OCM sentiment here.

I must confess that I like OCM however..

OCM is not going to change anything in a database, but it
does alert you to possible issues.

Sure.  But it's what it does silently that worries me.

For example, did you know that *by default* it does send to Oracle all IP addresses *AND* all MAC addresses it can find in the database servers? I can understand the IP address, but the MAC address???

If that transmission ever gets intercepted, it's an open door for a hacker attack. The arp command is just a start.

I only came about this by accident after spending a lot of time reading and following links from an install guide that is long on marketing and short on information.

How many other undocumented defaults is it really sending?

Nay, forget that! I want to know *everything* it sends, optional or default, period!

These are *my* company's systems, not Oracle's. *I* - or someone else in this company - decide what gets sent to an external organization about our setup.

First, most basic rule of intrusion avoidance: do *not* send out *any* information. An extension of this is precisely why firewalls work in both directions!

As for the fear of opening servers to the net, expressed in other replies:

that is easily avoided. In the latest release, OCM allows "disconnected" mode of operation. Basically, it collects all info into a jar file, then *you* upload that jar file to MOS via the "Flash" interface.

You have the power of decision of when info is sent. That is indeed a much more intelligent solution and should have been there since day one.

Any guesses as to why MOS was so important to Oracle Support?
No MOS, no disconnected-mode OCM: simple as that.
Not a sine-qua-non but I can understand their anxiety in getting MOS going.

However, to me it still needs to pass the first validation: I want to know *everything* it can possibly send, default or optional. NO exceptions. Until that is clear in my mind and under my control, no go.

--
Cheers
Nuno Souto
in wet Sydney, Australia
dbvision@xxxxxxxxxxxx
--
//www.freelists.org/webpage/oracle-l

• Follow-Ups:
  • Re: Metalink Fiasco
    • From: Andre van Winssen

• References:
  • Re: Metalink Fiasco
    • From: Rich Jesse
  • Re: Metalink Fiasco
    • From: Kellyn Pedersen
  • Re: Metalink Fiasco
    • From: Jared Still

Other related posts:

• » Metalink Fiasco- Crisler, Jon
• » Re: Metalink Fiasco- lyallbarbour
• » RE: Metalink Fiasco- Allen, Brandon
• » Re: Metalink Fiasco- David Barbour
• » Re: Metalink Fiasco- Ram Srinivasan
• » Re: Metalink Fiasco- Sanjeev Mellacheruvu
• » Re: Metalink Fiasco- Howard Latham
• » Re: Metalink Fiasco- troach
• » Re: Metalink Fiasco- Jared Still
• » RE: Metalink Fiasco- Crisler, Jon
• » RE: Metalink Fiasco- Hostetter, Jay M
• » RE: Metalink Fiasco- Johnson, George
• » Re: Metalink Fiasco- Niall Litchfield
• » Re: Metalink Fiasco- Bill Ferguson
• » Re: Metalink Fiasco- lyallbarbour
• » RE: Metalink Fiasco- DOBSON L.
• » RE: Metalink Fiasco- Johnson, George
• » Re: Metalink Fiasco- Martin Berger
• » RE: Metalink Fiasco- Scott Heisey
• » Re: Metalink Fiasco- Dba DBA
• » Re: Metalink Fiasco- Thomas Roach
• » Re: Metalink Fiasco- Dba DBA
• » RE: Metalink Fiasco- Allen, Brandon
• » Re: Metalink Fiasco- Dba DBA
• » RE: Metalink Fiasco- Christopher Boyle
• » Re: Metalink Fiasco- Daniel Fink
• » Re: Metalink Fiasco- Joey D'Antoni
• » Re: Metalink Fiasco- troach
• » RE: Metalink Fiasco- Allen, Brandon
• » Re: Metalink Fiasco- Daniel Fink
• » Re: Metalink Fiasco- Jared Still
• » RE: Metalink Fiasco- Martin Brown
• » Re: Metalink Fiasco- Thomas Roach
• » Re: Metalink Fiasco- Guillermo Alan Bort
• » RE: Metalink Fiasco- Kellyn Pedersen
• » Re: Metalink Fiasco- Guillermo Alan Bort
• » RE: Metalink Fiasco- Joel.Patterson
• » RE: Metalink Fiasco- Johnson, George
• » Re: Metalink Fiasco- Andrew Kerber
• » Re: Metalink Fiasco- Rodd Holman

1. Home
2. oracle-l
3. Archive
4. 11-2009

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---