The Oracle Net Configuration
Let’s take a look at how you would set up a simple configuration that will support external procedures while closing up some of the glaring security gaps.
Specifying the Listener Configuration
It is the Oracle Net communications layer that provides the conduit between PL/SQL and the shared libraries. Although default installations of Oracle8i Database and later generally provide some support for external procedures, you probably don’t want to use the out-of-the-box configuration until Oracle has made some significant security enhancements.
At the time we were writing the third edition of this book, Oracle was suffering a bit of a black eye from a security vulnerability arising from the external procedures feature. Specifically, a remote attacker could connect via the Oracle Net TCP/IP port (usually 1521) and run extproc with no authentication. Although Oracle closed up that particular vulnerability, the conventional wisdom on securing Oracle includes the advice in the following note.
Keep Oracle listeners behind a firewall; never expose a listener port to the Internet or to any other untrusted network.
Getting the listener set up properly involves modifying the tnsnames.ora file and the listener.ora file (either by hand or by using the Oracle Net Manager frontend). Here, for example, is a simple listener.ora file that sets up an external procedure listener that is separate from the database listener:
### regular listener (to connect to the database)
LISTENER ...
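To check an existing listener.ora for the separation described above, the following added example (not the book's listing and not Oracle's code) parses the file and reports any listener that serves extproc while also listening on a network protocol. It assumes that external procedure services are declared with PROGRAM = extproc in a SID_LIST_<listener> entry and that the separate listener uses a local IPC address; the host, SID and key names in the sample are constructed.

```python
import re

# Constructed sample (not the book's listing). Host, SID and key names are made up.
SAMPLE = """
### regular listener that also serves extproc: the layout to avoid
LISTENER =
  (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost)(PORT = 1521))
SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC = (SID_NAME = ORCL)(ORACLE_HOME = /u01/oracle))
    (SID_DESC = (SID_NAME = PLSExtProc)(ORACLE_HOME = /u01/oracle)(PROGRAM = extproc)))
### separate external procedure listener, local IPC only
EXTPROC_LISTENER =
  (ADDRESS = (PROTOCOL = IPC)(KEY = extprocKey))
SID_LIST_EXTPROC_LISTENER =
  (SID_DESC = (SID_NAME = extprocSID)(ORACLE_HOME = /u01/oracle)(PROGRAM = extproc))
"""

def parse_entries(text):
    """Split listener.ora text into {NAME: "(...)"} by tracking parenthesis depth."""
    text = re.sub(r"#[^\n]*", "", text)  # strip comments
    entries, depth, name, start = {}, 0, None, 0
    for m in re.finditer(r"[()]|(\w+)\s*=", text):
        if m.group(1):
            if depth == 0:  # only top-level names start a new entry
                name, start = m.group(1).upper(), m.end()
        elif m.group() == "(":
            depth += 1
        else:
            depth -= 1
            if depth == 0 and name:
                entries[name] = text[start:m.end()].strip()
                name = None
    return entries

def extproc_over_network(text):
    """List (listener, protocols) where an extproc service is reachable over non-IPC."""
    entries, findings = parse_entries(text), []
    for name, value in entries.items():
        if not name.startswith("SID_LIST_"):
            continue
        if not re.search(r"PROGRAM\s*=\s*extproc\b", value, re.I):
            continue
        listener = name[len("SID_LIST_"):]
        found = re.findall(r"PROTOCOL\s*=\s*(\w+)", entries.get(listener, ""), re.I)
        remote = sorted({p.upper() for p in found} - {"IPC"})
        if remote:
            findings.append((listener, remote))
    return findings

if __name__ == "__main__":
    print(extproc_over_network(SAMPLE))
```

An empty result means every extproc service sits on a listener with IPC addresses only; it does not replace the firewall advice in the note above.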