The Oracle Net Configuration
Let’s take a look at how you would set up a simple configuration that will support external procedures while closing up some of the glaring security gaps.
Specifying the Listener Configuration
It is the Oracle Net communications layer that provides the conduit between PL/SQL and the shared libraries. Although default installations of Oracle8i and later generally provide some support for external procedures, you probably don’t want to use the out-of-the-box configuration until Oracle has made some significant security enhancements.
At the time of this writing, Oracle is still suffering a bit of a black eye from a security vulnerability arising from the external procedures feature. Specifically, a remote attacker could connect via the Oracle Net TCP/IP port (usually 1521) and run extproc with no authentication. So one of the things you could do to enhance your security would be:
Tip
Keep Oracle listeners behind a firewall; never expose a listener port to the Internet or any other untrusted network.
Getting the listener set up properly involves modifying the tnsnames.ora and the listener.ora files (either by hand or by using the Oracle Net Manager front end). Here, for example, is a simple listener.ora file that sets up an external procedure listener that is separate from the database listener:
LISTENER =
   (ADDRESS = (PROTOCOL = TCP)(HOST = hostname)(PORT = 1521))

EXTPROC_LISTENER =
   (ADDRESS = (PROTOCOL = IPC)(KEY = extprocKey))

SID_LIST_LISTENER =
   (SID_DESC ...
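One way to check a listener.ora for the separation described above, as an added example that is not from the book: it flags any listener whose SID list registers PROGRAM = extproc while that listener also has a non-IPC address. The function names are hypothetical, and the two sample files (host, SID names, Oracle home path) are constructed for illustration.

```python
import re

def top_level_entries(text):
    """Split listener.ora text into {NAME: body} by tracking parenthesis depth."""
    text = re.sub(r"#[^\n]*", "", text)  # drop comments
    entries, depth, name, start = {}, 0, None, 0
    for m in re.finditer(r"[()]|(\w+)\s*=", text):
        if m.group(0) == "(":
            depth += 1
        elif m.group(0) == ")":
            depth -= 1
        elif depth == 0:  # "NAME =" outside any parentheses starts a new entry
            if name:
                entries[name] = text[start:m.start()]
            name, start = m.group(1).upper(), m.end()
    if name:
        entries[name] = text[start:]
    return entries

def extproc_on_network(text):
    """Return [(listener, protocols)] where extproc is served on a non-IPC address."""
    entries = top_level_entries(text)
    findings = []
    for key, body in entries.items():
        serves_extproc = re.search(r"PROGRAM\s*=\s*extproc\b", body, re.I)
        if not (key.startswith("SID_LIST_") and serves_extproc):
            continue
        listener = key[len("SID_LIST_"):]
        protos = re.findall(r"PROTOCOL\s*=\s*(\w+)", entries.get(listener, ""), re.I)
        exposed = sorted({p.upper() for p in protos} - {"IPC"})
        if exposed:
            findings.append((listener, exposed))
    return findings

# Constructed samples (not the book's listing): one shared listener vs. a separate IPC-only one.
COMBINED = """
LISTENER = (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 1521))
  (ADDRESS = (PROTOCOL = IPC)(KEY = extprocKey)))
SID_LIST_LISTENER = (SID_LIST =
  (SID_DESC = (SID_NAME = ORCL)(ORACLE_HOME = /u01/app/oracle))
  (SID_DESC = (SID_NAME = PLSExtProc)(ORACLE_HOME = /u01/app/oracle)(PROGRAM = extproc)))
"""
SEPARATED = """
LISTENER = (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 1521))
EXTPROC_LISTENER = (ADDRESS = (PROTOCOL = IPC)(KEY = extprocKey))
SID_LIST_LISTENER = (SID_LIST = (SID_DESC = (SID_NAME = ORCL)(ORACLE_HOME = /u01/app/oracle)))
SID_LIST_EXTPROC_LISTENER = (SID_LIST =
  (SID_DESC = (SID_NAME = PLSExtProc)(ORACLE_HOME = /u01/app/oracle)(PROGRAM = extproc)))
"""
```

Calling extproc_on_network(COMBINED) reports LISTENER with TCP, while the separated layout returns an empty list because extproc is reachable only through the IPC key.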