Re: Question - Fusion Middleware inside Cloud Control or no?

  • From: Tim Hall <tim@xxxxxxxxxxxxxxx>
  • To: Chris Taylor <christopherdtaylor1994@xxxxxxxxx>
  • Date: Tue, 17 Nov 2015 15:07:12 +0000

Hi.

I'm not sure I understand the point you are getting at with the first
bit... :) Moving on to the bit I do understand...

"The conclusion reasonably must be to fix the problem"

Not necessarily. This gets back to my point about the attitude of,

"always apply all patches to all systems all the time"

If there is still a risk after you have fenced off the server, then
you still have a problem and *must* fix it. If there is no risk after
the server is fenced off, "The conclusion reasonably must be to fix
the problem", is totally not a correct statement. It is your
preference...

We in IT have got into this habit of thinking if we don't apply
patches immediately, we are at risk. In some cases, applying the
patches is what puts you at risk. Think of all those lovely new
openssl errors that were released over the years, while the very old
openssl implementations remained rock solid. :)

Scenarios where patching is mandatory IMHO are:

1) When not patching puts you at risk. This may not be the case in
FMW depending on how you deploy apps, including EM. Firewalls blocking
off access to insecure internal comms and load balancers or reverse
proxies providing SSL termination for web applications mitigate a
massive number of issues. Allowing direct access to application
servers has been bad news for ... ever... :)

2) When not patching invalidates your support agreement with the vendor.

Everything else comes down to preference really. I am happy to patch
regularly when patching is:

- Easy and doesn't take half of my life to complete.
- Does not break my stuff. :)

This issue we are discussing is a classic example where applying the
patch is totally the wrong thing to do IMHO, because the effort
involved is not worth the pay-off. I would be more concerned with
making sure other factors (firewall and SSL termination before
reaching the app server) were sorted. By the time you get it working
and "safe", there will probably be a 12.1.0.6 that hopefully uses a
more up to date WebLogic and Java version. Probably not 12.2.1 and
Java8 though. :)

Cheers

Tim...
--
//www.freelists.org/webpage/oracle-l

