Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures

Simon Josefsson (jas@PDC.KTH.SE)
Wed, 23 Jul 1997 15:14:36 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Corinne Posse Releases: "CPSR 7: IRIX WWW Server"
Previous message: Stefan Rompf: "Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures"
Maybe in reply to: Simon Josefsson: "DoS against Oracle Webserver 2.1 with PL/SQL stored procedures"
Next in thread: Matthew G. Harrigan: "Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures"

"Ross Potts" <rpotts@med.osd.mil> writes:

> The server dumps quietly because the DBA probably hasn't set up the
> database correctly.

I still think the web server should log the GET string to the
apropriate logs, and stuff like that -- I can't see how that could
depend on how the DB is set up.

O well, let's see if publishing this causes Oracle to do anything --
I've mailed and phoned their support about things that provokes
internal errors but they haven't answered (not even saying they where
looking at the problem). As I hear Oracle's support is good, they
probably just hates me.

Take care,
Simon

Next message: Corinne Posse Releases: "CPSR 7: IRIX WWW Server"
Previous message: Stefan Rompf: "Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures"
Maybe in reply to: Simon Josefsson: "DoS against Oracle Webserver 2.1 with PL/SQL stored procedures"
Next in thread: Matthew G. Harrigan: "Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures"