RE: is it ok to tighten up extproc security?
- From: "Michael Fontana" <mfontana@xxxxxxxxxxx>
- To: <piontekdd@xxxxxxxxx>
- Date: Fri, 14 Nov 2008 09:36:14 -0600 (CST)
I recall having to use extproc a long time ago. It was required for doing
searches within LONG datatype and text based indexes columns.
I doubt Peoplesoft uses it, but someone might have created a stored
procedure.
See note NOTE:436826.1
_____
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
On Behalf Of Bradd Piontek
Sent: Friday, November 14, 2008 9:12 AM
To: dannorris@xxxxxxxxxxxxx
Cc: Oracle L
Subject: Re: is it ok to tighten up extproc security?
I"m pretty sure you can check the listener log for any access to the
EXTPROC process as well.
Bradd Piontek
"Next to doing a good job yourself,
the greatest joy is in having someone
else do a first-class job under your
direction."
-- William Feather
On Fri, Nov 14, 2008 at 8:51 AM, Dan Norris <dannorris@xxxxxxxxxxxxx>
wrote:
Sounds like everyone's recommending just removing it. Just in case you're
the one site using extproc callouts, you might want to check dba_libraries
to see if any have been registered. I'm not positive that an empty
dba_libraries means that you're in the clear, but I'm pretty sure you'll
see some obviously custom entries in there if someone has created a
library for callouts.
I don't believe that Peoplesoft uses any extproc callouts (it sort of
violates their "database-independent implementation" style).
Of course, you could just comment it out and wait for the phone to ring.
That's probably what I'd do :).
Dan
Other related posts:
