Re: Metalink Fiasco
- From: Andre van Winssen <dreveewee@xxxxxxxxx>
- To: dbvision@xxxxxxxxxxxx
- Date: Thu, 12 Nov 2009 14:33:16 +0100
for my testing with OCM and SR creation my assumptions are safe enough for
me.
http://download.oracle.com/docs/html/E12881_01/security.htm#sthref3 mentions
that data to be uploaded into ccr can be viewed in the ./ccr/state
directory. I can see a couple of files in there (although no xml files as
the doc on 10.3.1 states) but no information I don't want them or any
man-in-the-middle to know.
so, if I cannot find any data in the ORACLE_HOME/ccr directory that has mac
or ip address info or whatever else is sensitive then I HAVE TO assume that
oracle will not upload it. Oracle CM is using a secure http connection to
the the oracle so it would be hard to sniff and interpret that traffic.
If you are not comfortable with "connected" mode then don't use it. simple
as that. I am still trying to find out if ocm can help us in quicker problem
submitting and resolving through SR's created using system configurations
uploaded into oracle's ccr.
Though at the moment it seems a bad moment in time for using MOS.
below the
10.3.2.0.0 New Features
=======================
Configuring the OCM Collector thru the Oracle Support Hub
---------------------------------------------------------
The OCM Collector collects configuration information on the Oracle products
that it discovers and transmits that information over a secure http
connection
to Oracle. The collectors must either have a direct Internet connection path
or one through a proxy server. The Oracle Support Hub provides a channel
where
by OCM Collectors can route all information through an Oracle Support Hub
deployed
within a corporate intranet that in turn has a connection to the Internet.
Configuration of a 10.3.2 OCM collector allows the user the ability to
configure the connection thru the Oracle Support Hub if a direct connection
to
Oralce is not possible.
The Oracle Support Hub is distributed as part of the OCM Companion
Distribution.
Documentation on the Oracle Support Hub can be found at
http://www.oracle.com/technology/documentation/ocm.html and on the My Oracle
Support portal.
Configuring the OCM Collector to mask database usernames
--------------------------------------------------------
The OCM Collector collects the schema usernames for databases instrumented
for configuration collections. The collection of this information
is masked when the property 'ccr.metric.oracle_database.db_users.username'
is
assigned the value 'mask' in the
$ORACLE_HOME/ccr/config/collector.properties
file.
The default is to not mask data.
2009/11/12 Nuno Souto <dbvision@xxxxxxxxxxxx>
> Andre van Winssen wrote,on my timestamp of 12/11/2009 11:13 PM:
>
>
> I was not talking about 10.2.0.5 here. I have a 11.2 RDBMS installation,
>> with no separate grid control agent installation on the clusternodes.
>>
>
>
> Don't know. Im afraid until I receive 11r2 for AIX with grid, I can't
> comment on that release.
>
>
>
> All I have in $ORACLE_HOME/ccr/config is a ccr.properties file which only
>> has lines that are commented out. And there's nothing like a mac or ip
>> address in the files in $ORACLE_HOME/ccr/state.
>>
>
>
> Is there anything in the doco?
>
>
>
> so it's pretty safe to assume that no mac or ip address is sent to oracle
>> ccs.
>>
>
>
> You can make that assumption. I don't.
> The point I made is that until I see a *complete* list of everything that
> may or may not be sent, default or not, OCM doesn't touch any of my systems.
> Assumptions don't come into this, only facts.
>
>
>
> --
> Cheers
> Nuno Souto
> in wet Sydney, Australia
> dbvision@xxxxxxxxxxxx
> --
> //www.freelists.org/webpage/oracle-l
>
>
>
Other related posts:
