Databases Reference
In-Depth Information
#
include "C:\oracle\ora92\sqlplus\admin\
isqlplus.conf
"
#
include "C:\oracle\ora92/oem_webstage/oem.conf"
In plsql.conf:
#
# Directives added for mod-plsql
#
LoadModule plsql_module C:\oracle\ora92\bin\modplsql.dll
#
# Enable handling of all virtual paths
# beginning with "/pls" by mod-plsql
#
<IfModule mod_plsql.c>
<Location /pls>
SetHandler pls_handler
Order deny,allow
Allow from all
</Location>
</IfModule>
When mod_plsql is active, the plsql module is loaded into Apache and
the Oracle PL/SQL Web Toolkit (OWA PL/SQL packages) is loaded into
the database. OWA PL/SQL packages are installed into the SYS database
schema, making any potential vulnerability that much more dangerous.
At this point you make calls using URLs of the form:
http://<hostname>:<port>/pls/<dad>/<package>.<proc>?<name1>=<val1>&..
Hostname is the server on which the Oracle HTTP Server and the data-
base are both running, and the port is that to which the HTTP server lis-
tens.
Pls
tells Apache to delegate the request to the mod_plsql module.
Next comes the Database Access Descriptor (DAD). The DAD is defined
in the
wdbsvr.app
file in the mod_plsql config directory and specifies con-
nection details such as a username and password to connect to, the number
of open connections to maintain in the pool, and so on. After that come the
package name and the procedure name, and finally the arguments to be
passed as parameters.
Search WWH ::
Custom Search