Nope. So called "natural compilation" is an Oracle gimmick which doesn't require a compiler and will put the output into NCOMP_DLL$ table in the SYS schema. Gory details are here:
http://mgogala.byethost5.com/Native_PLSQL_Execution.html On 03/02/2015 03:39 PM, MARK BRINSMEAD wrote:
That is MOSTLY true.Starting in 10g, as I recall, Oracle has the ability to "natively compile" PL/SQL code, though, and for that I suspect you will need the C compilers. Natively compiled PL/SQL can be a significant performance boost, perhaps enough that you would not want to sacrifice the capability.I understand the "remove the compilers" thing. Its a pretty common "security" measure, and its also sometimes done for change-control purposes (to ensure that rogue developers cannot compile and deploy new code on a production machine).In the case of a purpose-built Oracle database server, the measure may not be nearly so "pointful", though, as it would be in other contexts.Do they plan to also remove all JDKs? All JREs? (What about the ones inside the database?) How do the security people plan to restrict your ability to write shell scripts? To upload executable code? To download executable code via HTTP?Perhaps it would be acceptable to keep the compilers in place, and restrict ACCESS to them? (For example, allow only members of the group "compiler-users" to run the C compiler, and then make the database-owner account a member of that group to allow patching and natively-compiled PL/SQL.)Anyway, be prepared to remove and re-install your compilers. In my experience, people who have such rules don't seem to have a lot of flexibility when it comes to enforcing them. Alternatively, be prepared to compile/link your Oracle binaries on another host entirely and resign yourself to the fact that one-off patches are going to be more work than they strictly need to be.Removing the compilers will work. But it will be a headache on occasion.On Mon, Mar 2, 2015 at 2:25 PM, Chris King <ckaj111@xxxxxxxx <mailto:ckaj111@xxxxxxxx>> wrote:Greetings all! I’m doing a fresh installation of Oracle 12c and 11g on a new linux RHEL6 server. Pre-requisites include gcc and gcc-c++ compilers. The system admin wants to remove these compilers after installation because they constitute a security risk. I’m thinking doing so should be okay, as long as these compilers are re-installed when Oracle patches are applied. Does anyone have experience doing this? Thanks in advance. ChrisK
-- Mladen Gogala Oracle DBA http://mgogala.freehostia.com
