Table of Contents
Advertisement
Additional Security Considerations
For additional security on UNIX, you can change the user to "nobody". Be sure that
the child processes can accomplish their tasks as the user "nobody". Change all
static content, such as the ORACLE_HOME/Apache/Apache/htdocs directory on
UNIX or ORACLE_HOME\Apache\Apache\htdocs on Windows, so that all the
files are readable, but ideally not writable by the user "nobody". Also, verify that all
the CGI and FastCGI programs can be run by user "nobody".
After making manual configuration changes to DAD passwords, it is recommended
that the DAD passwords are obfuscated by running the "dadTool.pl" script
located in ORACLE_HOME/Apache/modplsql/conf.
If your PL/SQL application is using the file-system caching functionality in mod_
plsql, then the httpd processes should have read and write privileges to the cache
directory through the parameter
HOME/Apache/modplsql/conf/cache.conf on UNIX or ORACLE_
HOME\Apache\modplsql\conf\cache.conf on Windows. By default, this
parameter points to ORACLE_HOME/Apache/modplsql/cache on UNIX or
ORACLE_HOME\Apache\modplsql\cache on Windows.
Finally, given that the cached content might contain sensitive data, the final contents
of the file-system cache should be protected. So, although Oracle HTTP Server
might run as "nobody", access to the system as this user should be well-protected.
"PlsqlDatabasePassword"
See Also:
on performing the obfuscation.
"mod_plsql"
See Also:
Oracle HTTP Server Processing Model
on page 7-36 on instructions
PlsqlCacheDirectory
on page 7-19
Managing Server Processes 4-3
in ORACLE_
Advertisement
Table of Contents
