Oracle Security Alert #28 reports on eight different mod_plsql vulnerabilities, including several buffer overflow vulnerabilities, DoS vulnerabilities, and unauthorized access vulnerabilities.
Mod_plsql adds procedures that help you produce Web pages as output (more on this in the next subsection). Once installed, these can be called from the Web through mod_plsql. Some of these procedures provide powerful tools to an attacker. For example, OWA_UTIL.SHOWSOURCE allows an attacker to view the source code of a package and is a good starting point to launch a Trojan attack (see Chapter 9).
7.2.2 Mod_ose
Mod_ose is similar to mod_plsql but uses a Java servlet engine as the gateway to PL/SQL procedures. It is similar to mod_plsql in its configuration (it also uses DADs), administration, and runtime. Oracle suggests using mod_plsql for stateless processing and mod_ose for stateful processing. However, mod_ose is not used as often as mod_plsql; if you're going to use a servlet engine, you might as well use OracleAS or another J2EE application server. Many of the security issues present in mod_plsql are also present in mod_ose.
7.2.3 Implementation options: Remove modules and/or remove the HTTP server
Unless you have a good reason to use the mod_plsql or mod_ose features, you should completely disable them by removing the loading of the modules from the configuration file. In fact, you would be even better off removing the Oracle HTTP Server from your database host altogether, because it really doesn't belong there and can probably at some point be used by an attacker.
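As an added example (not code from the book), the following Python script checks whether the components this subsection says to remove are still being loaded, by following live include directives the way oracle_apache.conf is pulled in from httpd.conf, and comments out the offending lines. The file names, the directive layout and the marker strings that identify mod_plsql, mod_ose and iSQL*Plus are assumptions about a typical installation, and the sample configuration tree is constructed.

```python
import re

# Lower-case markers (assumed) that identify each component in Include/LoadModule args.
RISKY = {
    "mod_plsql": ("plsql",),
    "mod_ose": ("modose", "ose.conf", "ose_module"),
    "iSQL*Plus": ("isqlplus",),
}
# Apache directive names are case-insensitive; capture the name and its argument.
DIRECTIVE = re.compile(r"^\s*(include|loadmodule)\s+(.+?)\s*$", re.IGNORECASE)

def _live_directive(line):
    """Match Include/LoadModule unless the line is an Apache comment line."""
    return None if line.lstrip().startswith("#") else DIRECTIVE.match(line)

def _risky_names(arg):
    """Risky components a directive argument refers to (possibly none)."""
    return [n for n, marks in RISKY.items() if any(m in arg.lower() for m in marks)]

def active_components(files, root, seen=None):
    """Follow live Include directives from `root` through the in-memory tree
    `files` (name -> text) and list the risky components still loaded."""
    seen = set() if seen is None else seen
    found = []
    if root in seen or root not in files:      # include loop or missing file
        return found
    seen.add(root)
    for raw in files[root].splitlines():
        m = _live_directive(raw)
        if not m:
            continue
        hits = _risky_names(m.group(2))
        if m.group(1).lower() == "include":    # descend into the included file
            hits += active_components(files, m.group(2).strip('"'), seen)
        found += [h for h in dict.fromkeys(hits) if h not in found]
    return found

def disable_components(text):
    """Comment out every live line that loads a risky component; keep the rest."""
    out = []
    for raw in text.splitlines():
        m = _live_directive(raw)
        out.append("# disabled: " + raw if m and _risky_names(m.group(2)) else raw)
    return "\n".join(out) + "\n"

# Constructed sample tree: mod_ose is already commented out, the other two are live.
SAMPLE_TREE = {
    "httpd.conf": 'ServerName db.example.internal\ninclude "oracle_apache.conf"\n',
    "oracle_apache.conf": 'include "plsql.conf"\n# include "ose.conf"\ninclude "isqlplus.conf"\n',
    "plsql.conf": "LoadModule plsql_module modplsql/bin/modplsql.so\n",
}
```

Running `active_components(SAMPLE_TREE, "httpd.conf")` reports mod_plsql and iSQL*Plus; after replacing oracle_apache.conf with `disable_components(...)` of it, the same check reports nothing.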
If you take another look at oracle_apache.conf, you will see that removing the server means that you will no longer have the benefit of using iSQL*Plus. iSQL*Plus is a Web-enabled version of SQL*Plus that allows a DBA or a developer to use SQL*Plus-like functionality from a Web browser rather than having to install an Oracle client and use SQL*Plus. From a security perspective, removing iSQL*Plus is a good thing. iSQL*Plus provides fewer control and identification options than SQL*Plus because all requests will now be coming from the same host—the database host, actually. The same problems reviewed in Chapter 6 related to applica-