| Subject | Bob Swart's comment on security |
|---|---|
| Author | Claudio Valderrama C. |
| Post date | 2001-01-31T05:31:16Z |
http://www.drbob42.com/oracle/index.htm
says
«
2001/01/22 - Oracle XSQL Security Problem
It seems InterBase isn't the only one with security problems (fixed), as
we've just learned that the Oracle XSQL servlet allows you to specify
external XSLT stylesheets which may reside anywhere and can execute Java on
the web server - which may lead to compromising the server.
The Oracle XSQL is part of the default installation of Oracle8i 8.1.7 on
Windows 2000 (and probably other platforms).
»
As one person wrote, the IB lesson is expected to make other DB engine
vendors to take a peek at their code.
C.
---------
Claudio Valderrama C.
Ingeniero en Informática - Consultor independiente
http://www.cvalde.com
says
«
2001/01/22 - Oracle XSQL Security Problem
It seems InterBase isn't the only one with security problems (fixed), as
we've just learned that the Oracle XSQL servlet allows you to specify
external XSLT stylesheets which may reside anywhere and can execute Java on
the web server - which may lead to compromising the server.
The Oracle XSQL is part of the default installation of Oracle8i 8.1.7 on
Windows 2000 (and probably other platforms).
»
As one person wrote, the IB lesson is expected to make other DB engine
vendors to take a peek at their code.
C.
---------
Claudio Valderrama C.
Ingeniero en Informática - Consultor independiente
http://www.cvalde.com