It’s been quite a while since my last post. Finding time to post is the roughest part for me so forgive this post if it’s a bit crude. I felt it was more important to get this up than make it pretty.
First, some background. All versions of Oracle at this point have a vulnerability to TNS Poisoning. I won’t go into details of that since it’s documented and discussed in numerous places. What I will cover is what steps I have taken to secure my implementation of Oracle XE 11g. I should note that none of my implementations are EXTERNAL FACING; they are internal to the network only.
I recently had a situation where I needed to call a program that was executed on a Linux server from a Windows server. My problem was that I needed to connect to a Linux server via SSH, run the program and wait for the output to show up on a shared drive. I was restricted to using free tools that did not require installation, ones that could be executed on the command line. The specific problem was that in my Windows script I could not get past the password prompt when I connected to the Linux server via SSH with PuTTY.
I seem to have discovered some “undocumented” behavior in the Oracle Application Express Listener. I say “undocumented” because I couldn’t find any reference to it in the documentation. It’s not completely odd behavior but it probably should be documented if it is intended behavior.
First, here is my configuration. I do not know if the issue exists with all configurations of the Application Express Listener.
- Windows 2008r2
- Oracle XE 11gR2
- APEX 4.1.1
- APEX Listener 220.127.116.11
- GlassFish Server 3.1.2
I recently decided to install Oracle XE (Express Edition) 11gR2 on a Windows Server 2008R2 platform. That platform is x64 only. OracleXE 11gR2 is only available in a 32-bit version. I thought that shouldn’t be a problem since 2008R2 has the ability to run 32-bit programs. Well, that was just the first of a few eye-opening misconceptions. Once the installation was complete, I upgraded the APEX environment to the latest version (v.4.1.1) following Mike Smithers’ posting. Much thanks to him for that.
Everything appeared to run just fine. I decided to take a look at the alert_xe.log to see what, if anything, was going on with the database. What I found was numerous messages like the following:
OER 7451 in Load Indicator : Error Code = OSD-04500: illegal option specified
O/S-Error: (OS 1) Incorrect function. !
The title seems only fitting for my first blog post. I have no idea how frequently this site will be updated, but I hope to post something useful for others. My hope is that others can learn from my experiences.