Re: [oracle-l] Re: Oracle HTTP Server Cross Site Scripting Vulnerabillity

• From: Daniel Fink <Daniel.Fink@xxxxxxx>
• To: oracle-l@xxxxxxxxxxxxx
• Date: Wed, 28 Jan 2004 08:39:27 -0700

I recently had a problem on my WinXP pc and a conflict with isqlplus. The HTTP
server would attempt to start isqlplus and fail. This was repeated several
times until the maximum number of restarts was reached. So the server started
writing "max # of restarts reached" to the error log...and did not stop. I
found it when the disk filled up with a 4G log file! I finally deinstalled the
3rd party software that was causing the problem.

This leads to 2 questions:
1) What is iSQL used for? (this is my laptop and mostly a work/presentation
machine)
2) In WinXP, I found a line in the file that says "include
C:\oracle\ora92\sqlplus\admin\isqlplus.conf". If I remove this line, will that
stop iSQL from starting?

Daniel Fink

"Jesse, Rich" wrote:

> Or, just comment out the startup of "isqlplus" from
> $ORACLE_HOME/Apache/Apache/conf/oracle_apache.conf (on Unixish servers).
> For example, I'd just like to use the UltraSearch functionality, so iSQL
> isn't needed.
>
> Rich
>
> Rich Jesse                        System/Database Administrator
> rich.jesse@xxxxxxxxxxxx           Quad/Tech International, Sussex, WI USA
>
> -----Original Message-----
> From: MacGregor, Ian A. [mailto:ian@xxxxxxxxxxxxxxxxx]
> Sent: Tuesday, January 27, 2004 7:34 PM
> To: 'oracle-l@xxxxxxxxxxxxx'
> Subject: [oracle-l] Re: Oracle HTTP Server Cross Site Scripting
> Vulnerabil lity
>
> How many people actually run the HTTP server which comes with the database?
> Isn't that pleading for someone to commit mischief.  It was too long ago
> that an SSL problem  was announced also dealing with the HTTP server.  The
> attack vector employs iSQL is that only available through the "database"
> HTTP server or can it be run via iAS.
>
> Ian MacGregor
> Stanford Linear Accelerator Center
> ian@xxxxxxxxxxxxxxxxx
> ----------------------------------------------------------------
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> ----------------------------------------------------------------
> To unsubscribe send email to:  oracle-l-request@xxxxxxxxxxxxx
> put 'unsubscribe' in the subject line.
> --
> Archives are at //www.freelists.org/archives/oracle-l/
> FAQ is at //www.freelists.org/help/fom-serve/cache/1.html
> -----------------------------------------------------------------

----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to:  oracle-l-request@xxxxxxxxxxxxx
put 'unsubscribe' in the subject line.
--
Archives are at //www.freelists.org/archives/oracle-l/
FAQ is at //www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------

• Follow-Ups:
  • Re: [oracle-l] Re: Oracle HTTP Server Cross Site Scripting Vulner abillity
    • From: Pete Finnigan

• References:
  • RE: [oracle-l] Re: Oracle HTTP Server Cross Site Scripting Vulnerabil lity
    • From: Jesse, Rich

Other related posts:

• » Re: [oracle-l] Re: Oracle HTTP Server Cross Site Scripting Vulnerabillity
• » Re: [oracle-l] Re: Oracle HTTP Server Cross Site Scripting Vulnerabillity

1. Home
2. oracle-l
3. Archive
4. 01-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---