Re: mitigation of oracle/aurora/util/Wrapper and dbms_jvm_exp_perms security issues

  • From: "Paul M. Wright" <oracle@xxxxxxxxxxxxx>
  • To: niall.litchfield@xxxxxxxxx
  • Date: Thu, 25 Feb 2010 05:45:26 +0000

To fix Java/Oracle issues with low risk of causing a loss of current 
functionality (e.g.
XDB and Datapump), need to monitor the DB/Application's behaviour beforehand so 
it can be
understood, and then the effect of the change can be predicted prior to 
enacting the fix.
More details on how to do this in updated SecuringJavaInOracle paper at
http://www.oraclesecurity.com/
Cheers,
Paul

Niall Litchfield wrote:
> There are a fair few people who use things like xdb etc that use java
> behind the scenes.
> 
>> On Feb 24, 2010 4:44 PM, "Allen, Brandon" <Brandon.Allen@xxxxxxxxxxx
>> <mailto:Brandon.Allen@xxxxxxxxxxx>> wrote:
>>
>> Just another option to consider - don’t install Java in your database
>> to begin with.  I think a lot of people install it because it’s
>> included by default from the DBCA, but most people probably don’t
>> really use it at all.
>>
>>  
>>
>> Regards,
>>
>> Brandon
>>
>>  
>>
>>  
>>
>>  
>>
>>
>> ------------------------------------------------------------------------
>> Privileged/Confidential Information may be contained in this message
>> or attachments hereto. Please advise immediately if you or your
>> employer do not consent to Internet email for messages of this kind.
>> Opinions, conclusions and other information in this message that do
>> not relate to the official business of this company shall be
>> understood as neither given nor endorsed by it.
> 



--
http://www.freelists.org/webpage/oracle-l


Other related posts: