RE: [oracle-l] Re: Oracle HTTP Server Cross Site Scripting Vulnerability

  • From: "Jesse, Rich" <Rich.Jesse@xxxxxxxxxxxx>
  • To: "'oracle-l@xxxxxxxxxxxxx'" <oracle-l@xxxxxxxxxxxxx>
  • Date: Wed, 28 Jan 2004 09:07:45 -0600

Or, just comment out the startup of "isqlplus" from
$ORACLE_HOME/Apache/Apache/conf/oracle_apache.conf (on Unixish servers).
For example, I'd just like to use the UltraSearch functionality, so iSQL
isn't needed.

Rich

Rich Jesse                        System/Database Administrator
rich.jesse@xxxxxxxxxxxx           Quad/Tech International, Sussex, WI USA



-----Original Message-----
From: MacGregor, Ian A. [mailto:ian@xxxxxxxxxxxxxxxxx]
Sent: Tuesday, January 27, 2004 7:34 PM
To: 'oracle-l@xxxxxxxxxxxxx'
Subject: [oracle-l] Re: Oracle HTTP Server Cross Site Scripting Vulnerability


How many people actually run the HTTP server which comes with the database?
Isn't that pleading for someone to commit mischief?  It was too long ago
that an SSL problem was announced also dealing with the HTTP server.  The
attack vector employs iSQL; is that only available through the "database"
HTTP server, or can it be run via iAS?


Ian MacGregor
Stanford Linear Accelerator Center
ian@xxxxxxxxxxxxxxxxx
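
An added example, not part of either message above: a shell check for the change Rich describes, listing any active isqlplus include in oracle_apache.conf and commenting it out with a backup. It assumes the component is loaded by an "include" line whose path contains "isqlplus"; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Assumption: iSQL*Plus is pulled in by an 'include' line naming an isqlplus path.

# Print active (uncommented) include lines that mention isqlplus, with line numbers.
# Exit status 0 means at least one such line is still active.
active_isqlplus() {
    grep -n -i -E '^[[:space:]]*include[[:space:]].*isqlplus' "$1"
}

# Comment out those lines in place; the untouched original is kept as <file>.bak.
disable_isqlplus() {
    conf=$1
    cp -p "$conf" "$conf.bak" || return 1
    awk 'tolower($0) ~ /^[ \t]*include[ \t].*isqlplus/ { print "#" $0; next }
         { print }' "$conf.bak" > "$conf"
}

# Constructed sample file; the paths are placeholders, not real install paths.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample of an oracle_apache.conf
include "/path/to/oracle_home/ultrasearch/webapp/config/ultrasearch.conf"
include "/path/to/oracle_home/sqlplus/admin/isqlplus.conf"
#include "/path/to/oracle_home/other/disabled.conf"
EOF
}

# Demo on a temporary copy, so nothing under a real ORACLE_HOME is touched.
tmp=$(mktemp)
make_sample "$tmp"
echo "active before:"
active_isqlplus "$tmp"
disable_isqlplus "$tmp"
if active_isqlplus "$tmp" >/dev/null; then
    echo "isqlplus include is still active"
else
    echo "isqlplus include disabled; restart the HTTP server to apply"
fi
rm -f "$tmp" "$tmp.bak"
```

On a real server, run active_isqlplus against $ORACLE_HOME/Apache/Apache/conf/oracle_apache.conf first and review the reported lines before calling disable_isqlplus.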