Oracle 9.2 JDBC Security Issue

I cannot establish an Oracle connection using Oracle 9.2 JDBC in an applet (linking against classes12.zip or classes12.jar).
An application version of that applet works fine: the connection is established and I can select, insert, call PL/SQL procedures, etc.
The applet version, however, fails to connect, and raises a security exception with the following message:
"java.util.PropertyPermission oracle.jserver.version read".
Needless to say, the applet and the database are on the same server.
Also, the security exception is not raised if I link my code against either classes111.zip or classes12.zip from an old Oracle 8.1.6 release: the applet connects OK.
As I am currently developing an upgrade of this old Oracle 8.1.6 release to Oracle 9.2, I wish to take advantage of the improved features found in your new JDBC releases.
Do you have any idea how to fix the problem?
Note: I am using Oracle 9.2 developer release for Mac OS X, which otherwise works perfectly well for my purposes.
Thank you

Hello,
Can you provide a test case for such behaviour? And the versions of JDK used in those samples ....
It would be easier if we isolate java 1.5 issues from ojdbc issues.
Rick B.

Similar Messages

  • NCHAR issue with oracle database using JDBC adapter

    Hi,
    We have a requirement to develop an XI interface from an FTP server (File adapter) to an Oracle database using the JDBC adapter. In the Oracle database table, a few fields are of type NCHAR/NVARCHAR. When we try to insert character (A,B,c..) values into Oracle table fields of type NCHAR/NVARCHAR, we get the following error message in the JDBC adapter audit log. If we pass a numeric value to the same field, we are able to insert the records successfully.
    Unable to execute statement for table or stored procedure. 'IPCSDD_DOWNLOAD_PROCESS' (Structure 'StatementName1') due to java.sql.SQLException: ORA-00904: "P": invalid identifier
    2010-10-19 22:29:59 Error JDBC message processing failed; reason Error processing request in sax parser: Error when executing statement for table/stored proc. 'IPCSDD_DOWNLOAD_PROCESS' (structure 'StatementName1'): java.sql.SQLException: ORA-00904: "P": invalid identifier
    2010-10-19 22:29:59 Error MP: Exception caught with cause com.sap.aii.af.ra.ms.api.RecoverableException: Error processing request in sax parser: Error when executing statement for table/stored proc. 'IPCSDD_DOWNLOAD_PROCESS' (structure 'StatementName1'): java.sql.SQLException: ORA-00904: "P": invalid identifier
    Please find the system information below.
    Oracle version- 10.2.4
    XI version - 3.0/ service pack 19
    JDBC driver- oracle.jdbc.driver.OracleDriver
    Please suggest.
    Thanks,
    Venkata
    Edited by: Venkata Narayana  Eepuri on Oct 21, 2010 12:10 AM

    Dear Venkata Narayana,
    Concerning the error, kindly go through the following note :
    731 - Collective note: ORA-00904
    follow the recommendations mentioned in that and please check if that helps.
    Best Regards
    Nishwanth

  • Looking Document for jdbc troubleshooting issues

    Hi,
    Can someone post links to get a good jdbc related issues and troubleshooting tools?

    WebLogic Server (WLS) Support Pattern: Investigating JDBC Issues (Doc ID 1280894.1)
    Master Note on Oracle WebLogic Server JDBC/Database/Drivers Support Patterns (Doc ID 761097.1)

  • SetString/executeBatch fails in Oracle 10g OCI JDBC driver

    Hi,
    I am using Oracle 10g OCI jdbc driver for batch updates.
    Following is the code that I am using

    import java.sql.*;
    import oracle.jdbc.*;
    import oracle.jdbc.pool.OracleDataSource;

    public class BatchUpdates
    {
      public static void main(String[] args)
      {
        Connection conn = null;
        Statement stmt = null;
        PreparedStatement pstmt = null;
        ResultSet rset = null;
        int i = 0;
        try
        {
          // Default OCI URL; can be overridden with -DJDBC_URL=...
          String url = "jdbc:oracle:oci:@kctutf8";
          try {
            String url1 = System.getProperty("JDBC_URL");
            if (url1 != null)
              url = url1;
          } catch (Exception e) {
          }
          OracleDataSource ods = new OracleDataSource();
          ods.setUser("kctuser");
          ods.setPassword("kana");
          ods.setURL(url);
          conn = ods.getConnection ();
          stmt = conn.createStatement();
          // Create the test table; ignore the error if it already exists
          try { stmt.execute(
            "create table mytest_table (col1 number, col2 varchar2(20))");
          } catch (Exception e1) {}
          // Queue five rows and send them as one batch
          pstmt = conn.prepareStatement("insert into mytest_table values (?, ?)");
          pstmt.setInt(1, 1);
          pstmt.setString(2, "row 1");
          pstmt.addBatch();
          pstmt.setInt(1, 2);
          pstmt.setString(2, "row 2");
          pstmt.addBatch();
          pstmt.setInt(1, 3);
          pstmt.setString(2, "row 3");
          pstmt.addBatch();
          pstmt.setInt(1, 4);
          pstmt.setString(2, "row 4");
          pstmt.addBatch();
          pstmt.setInt(1, 5);
          pstmt.setString(2, "row 5");
          pstmt.addBatch();
          pstmt.executeBatch();
          // Read the rows back to compare with what was inserted
          rset = stmt.executeQuery("select * from mytest_table");
          while (rset.next())
            System.out.println(rset.getInt(1) + ", " + rset.getString(2));
        }
        catch (Exception e)
        {
          e.printStackTrace();
        }
        finally
        {
          // Drop the test table and release JDBC resources
          if (stmt != null)
          {
            try { stmt.execute("drop table mytest_table"); } catch (Exception e) {}
            try { stmt.close(); } catch (Exception e) {}
          }
          if (pstmt != null)
          {
            try { pstmt.close(); } catch (Exception e) {}
          }
          if (conn != null)
          {
            try { conn.close(); } catch (Exception e) {}
          }
        }
      }
    }

    When I run this class I get the following output
    1, row 1
    2, row 3
    3, row 5
    4, null
    5,
    But it should have been
    1, row 1
    2, row 2
    3, row 3
    4, row 4
    5, row 5
    The same class runs fine if I use Thin driver.
    Can anyone please help me solve this issue.
    Note: This happens only in case we use setString with Varchar2 in the DB. This works fine if I have two number columns
    Thanks,
    Raja.S

    Please post this question to the Java forum. It is located under "Technologies".

  • Oracle 9i reading BLOB performance issues

    Windows XP Pro SP2
    JDK 1.5.0_05
    Oracle 9i
    Oracle Thin Driver for JDK 1.4 v.10.2.0.1.0
    DBCP v.1.2.1
    Spring v1.2.7 (I am using the JDBC template for convenience)
    I have run into serious performance issues reading BLOBs from Oracle using Oracle's JDBC thin driver. I am not sure if it is a constraint/mis-configuration with Oracle or a JDBC problem.
    I am hoping that someone has some experience accessing multi-MB BLOBs under heavy volume.
    We are considering using Oracle 8 or 9 as a document repository. It will end up storing hundreds of thousands of PDFs that can be as large as 30 MBs. We don't have access to Oracle 10.
    TESTS
    I am running tests against Oracle 8 and 9 to simulate single and multi-threaded document access. Our goal is to get a sense of KBps throughput and BLOB data access contention.
    DATA
    There is a single test table with 100 rows. Each row has a PK id and a BLOB field. The blobs range in size from a few dozen KB to 12MB. They represent a valid sample of production data. The total data size is approx. 121 MBs.
    Single Threaded Test
    The test selects a single blob object at a time and then reads the contents of the blob's binary input stream in 2 KB chunks. At the end of the test, it will have accessed all 100 blobs and streamed all 121 MBs. The test harness is JUnit.
    8i Results: On 8i it starts and terminates successfully on a steady and reliable basis. The throughput hovers around 4.8 MBps.
    9i Results: Similar reliability to 8i. The throughput is about 30% better.
    Multi-Threaded Test
    The multi-threaded test uses the same "blob reader" functionality used in the single threaded test. However, it spawns 8 threads each running a separate "blob reader".
    8i Results: The tests successfully complete on a reliable basis. The aggregate throughput of all 8 threads is a bit more than 4.8 MBps.
    9i Results: Erratic. The tests were highly erratic on 9i. Threads would intermittently lock when accessing a BLOB's output stream. Sometimes they lock accessing data from the same row, other times it is distinct rows. The number and the timing of the thread "locks" is indeterminate. When the test completed successfully the aggregate throughput of the 8 threads was approx. 5.4 MBps.
    I would be more than happy to post code or the data model if that would help.
    Carlos

    Hi Murphy16,
    Try to investigate where the principal issues are in your RAC system.
    Check:
    * Expensive SQLs;
    * Sorts on disk;
    * Wait events;
    * Interconnect hardware issues;
    * Applications doing unnecessary manual LOCKs (SQL);
    * Whether the SGA is adequately sized (take care not to use SWAP space "DISK");
    * Backups and unnecessary jobs running during business hours (reallocate these jobs and backups to a night window or a less intensive work hour for the database);
    * Rebuild indexes and identify tables that must be reorganized (fragmentation);
    * Verify whether other software is consuming resources on your server;
    Please give us more info about your environment. The steps above are general, but you can use them to guide you in basic performance issues.
    Regards,
    Rodrigo Mufalani
    http://mufalani.blogspot.com

  • Security issues for Discoverer 10g apps 12i

    gurus,
    I have couple of things to get it done at client.
    We are on Oracle Apps rel 12i with Discoverer 10g.
    Did anyone setup MOAC to be enabled and operational in business areas?
    Setting up secure responsibilities in discoverer for MOAC?
    Any setup needs to be done for custom report security in discoverer ?
    thx

    Hi,
    I did setup new MOAC security profiles and assigned multiple organizations to that profile for testing purpose.
    After this, I did run concurrent program "Security List Maintenance" etc...
    Tested updating profile at user level or responsibility level.
    On APPS side fine.
    I need the some basic steps on setup of security issues for discoverer side.
    1) Business areas (any security steps need to be followed in order to access data for single or multi-org)
    2) Custom Reports (any security setup or any MOAC security profile setting against responsibility for accessing single or multi-org data)
    Since we don't have a default operating unit parameter as specified in the concurrent program, how do you restrict data?
    3) Reconciling security approach r12 with discoverer (any steps need to be followed here after r12 configuration with security issues)
    4) Custom Views ( any steps to be followed for single or multi-org data as security aspect)
    Looking for info on these setups.
    Thx

  • Security issue with content areas

    Hi Everyone,
    I was wondering if anyone else has experienced this. If you have, is there a work around? It seems like some of content area security is cached in the database. This is what happened in my two test cases.
    Test case 1:
    - First I created several content areas with subfolders by using the wwwsbr_api.
    - I granted access just to the content area, and not the subfolders. I did this because when I looked at the content areas created above, the Add Privileges To All Sub-folders was marked.
    - Then when I login as the test user I was able to see the content area, but none of the subfolders. That didn't surprise me because I was guessing that the radio button to add privileges to the subfolder was only used when the user pressed the Cascade Privileges button.
    - I granted access to all the subfolders on the content areas the test user should be able to access.
    - Then I login again with the test user. I move into the content area that I viewed the first time, and I still can't see the subfolders. But I could see all the subfolders of the other content areas the test user had access to.
    - I logged in to make sure the group was added to access the subfolders of the content area. The group did have access to the content area and all the subfolders, but the user still could not see the subfolders.
    - The only way the test user was finally able to see the subfolders was for me to go to the content area and pressed the Cascade Privileges with Add Privileges To All Sub-folders marked.
    So it seems like for some reason Oracle is storing the security, and not updating it when it is updated via API for content areas.
    Test case 2:
    - First I created several content areas with subfolders by using the wwwsbr_api.
    - I granted access just to the content area, and not the subfolders.
    - Then when I login as the test user I was able to see the content area, but none of the subfolders.
    - I alter the test user and give him the privilege to view all content areas.
    - I login again as the test user, and I go to the content area I looked at the first time I logged in, but still couldn't see any of the subfolders in it. I went to two other content areas, and was able to see all the subfolders.
    - I alter the test user again removing the privilege to view all content areas.
    - I login again as the test user and look at the second and third content area again. I still could see all the subfolders even though the user does not have access to them.
    I have tried clearing cache, history, deleting all temporary files and restarting my computer to make sure that it was not caching issue in the browser.
    Thanks,
    Tom

    Hello Simon,
    do you have access to SAP notes? Here you will find the detailed information when the problem will be solved:
    [Note 1178438|https://service.sap.com/sap/support/notes/1178438]
    Regards, Christiane

  • Security Issues with workbook

    Hello All,
    When I log into Discoverer with some responsibility "a" I am able to see the output of the particular workbook.
    But when the same workbook is run by another user with a different responsibility "b" and with the same parameters, he is getting the message "The query caused no data to be returned".
    There seems to be some security issue. Can anyone kindly explain why the user is not able to view the output? In order to overcome this, what are the actions I need to take?
    Thanks for your support.
    Best Regards,
    Kumar.

    Hi,
    I assume that you are using Oracle Applications and that the user is connecting with a different apps responsibility.
    In Discoverer, security can be applied at 4 levels; in the workbook, in the EUL, in views and using VPD. Application 11i security is mostly applied through views.
    Now, the security applied depends on the Apps module. GL, AP/AR, PO and FA all have different mechanisms for applying security. Mostly the security applied will be determined by security profiles set up for the responsibilities. But for example, GL, also uses row based (procedural) security based on the flexfield security rules in some of the GL views. If you are using a custom responsibility you will need to ensure that all the security profiles are set up for this responsibility.
    So your first step is to look at what view(s) are used in the report. Then determine which security profiles are checked by this view. So if it is a GL view you need to check the 'GL Set of Books Name' profile is defined for that responsibility.
    Without knowing which modules you are using, which version of Oracle Applications or whether you have custom or seeded responsibilities it is difficult to know why your report does not return data for the responsibility.
    Rod West

  • Security issues with XMLDB.

    Good afternoon, everyone.
    I have a question concerning the security issues of using the HTTP service of XMLDB.
    I'm going to set the http port of XMLDB on my production database so I can call
    remote jobs on machines that have the Scheduler Agent installed. (http://docs.oracle.com/cd/B28359_01/server.111/b28310/schedadmin003.htm)
    My question is, what kind of security threats I have to be aware of by opening the xmldb http service port?
    Is there any article or documentation that could help me in this subject?
    Thanks for the patience.
    Regards, Leandro Freitas.

    It depends.
    Generally speaking we think in terms of a DMZ: demilitarized zone. Is the access being made from a server protected by a firewall or is the Oracle server visible to the world via a piece of copper?
    Fill in the details, and your version number, or we truly can not help you.

  • Security issues (ACLs)

    I'm still struggling with ACLs and security issues within iFS.
    We intend to use the iFS as document store. In order to eliminate redundancy no document will be stored twice within the document store.
    iFS Folders act as organizational units. Each department has got its folder as base for their part of the document store.
    Now I need to find a way, so that department a can place the same document in its own folder as department b (for example "link" it via WebUI) while being able to modify the ACL independently of department b.
    The last hint of an oracle guy (forgot the name) was to use agents to adjust the ACLs.
    Now that I've got this solution working I must see that this approach is no solution. It adjusts the ACLs whenever a document is added to a folder. This will delete the changes to the ACLs which were made by department a (assuming the folder belongs to department b).
    Merging two ACLs is not a trivial task (at least for me) and is also unwanted, since I have to remove changes of one department from the whole ACL when the document is removed from the Folder again (which is also an impossible task).
    Since I see no solution without several months of implementation work (adding link objects to iFS which represent a document within a Folder and control its ACL) I'm asking again for some advice.
    I am amazed that no other applications require this functionality. It is a common task to provide different views with different privileges onto the same set of data. Even the database is able to do this. Why is iFS unable to do this?
    Regards,
    Jens

    quote: Originally posted by Alison Stokes:
    > Your statement:
    > "being able to modify the ACL independently of department b"
    > indicates that you want to maintain two separate ACLs for a single document. This is currently not supported. To allow department a and b to each modify the access privileges to the document, they must share a single ACL. To allow the departments to both modify the ACL, you would grant both departments the 'Grant' permission in the ACL's access control list. Subsequently, they will be able to see and modify the access privileges granted to the members of the other department.
    > We are currently considering enhancing the ACL model for a future release. Your input is valued greatly.
    At least someone got my point. (seems to be a rather difficult topic to explain)
    Yes. I do not want two departments to be able to modify each other's ACLs.
    Whenever someone would delete an ACE or even a document of the other department (intentionally or by accident) my phone would be asking me why the ACL has been modified without their knowledge. But I want to be able to supply the same document to more than one department with a separate ACL for each department. (modifiable by the responsible person of the department)
    Regards,
    Jens

  • Security issues with Applets

    I have a web server that has access to a database server, as I am able to create web pages with ASP and connect to the database fine using a DSN. I have created a web page that contains an applet. The applet attempts to connect to the database but I get a security error. How do I overcome this security issue? The security error looks like this:
    Exception: java.security.AccessControlException: accessdenied(java.lang.RuntimePermission accessClassInPackage.sun.jdbc.odbc)
    Can anyone help??

    There is a java.policy file in
    C:\Program Files\JavaSoft\JRE\1.3.1\lib\security\java.policy
    And a tool you can use in
    C:\Program Files\JavaSoft\JRE\1.3.1\bin\policytool.exe
    You might have to tell the policytool.exe where to open the java.policy file.
    You can also just modify it in a text editor and save it as plain text when you are done.
    I don't know which permission you should look for, but you can try with
    grant {
        permission java.security.AllPermission;
    };
    and remove or comment out the other lines. Make a backup of the policy file before you try it. Restart the browser.
    Note that you have to do this on all client machines that want to run your applet.
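
    A narrower alternative to the `AllPermission` grant in the reply above, given as an added example that is not part of the original thread: an `AccessControlException` names the permission class and target that was denied, and that text maps directly onto one `permission` line. The codeBase URL is a placeholder assumption; the two permissions are the ones quoted in the exceptions on this page.

    ```text
    // Broad form from the reply: code from every origin receives full access.
    // grant {
    //     permission java.security.AllPermission;
    // };

    // Scoped form: applies only to classes loaded from the applet's own location.
    // "http://appserver.example/applets/-" is a placeholder; "/-" matches the
    // directory and everything beneath it.
    grant codeBase "http://appserver.example/applets/-" {
        // From: access denied (java.lang.RuntimePermission accessClassInPackage.sun.jdbc.odbc)
        permission java.lang.RuntimePermission "accessClassInPackage.sun.jdbc.odbc";

        // From: java.util.PropertyPermission oracle.jserver.version read
        permission java.util.PropertyPermission "oracle.jserver.version", "read";
    };
    ```

    If the applet then stops on a different `AccessControlException`, add that single permission in the same way instead of widening the grant.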

  • Oracle XDK Java removing security vulnerabilities

    Hi All,
    I am looking to remove security vulnerabilities that may be associated with XML parsers.
    I would like to know which version of Oracle XDK Java has removed the security vulnerabilities associated with XML parsing.
    Also, what is the latest version of Oracle XDK Java on the market?
    Also, are new versions backward compatible? Do we need to check whether any change at the API level occurs?
    Currently we are using Oracle XDK Java 10.2.0.2.
    A description of the security vulnerabilities that may be associated with XML parsers:
    "The vulnerabilities are related to the parsing of XML elements with unexpected byte values and recursive parentheses, which cause the program to access memory out of bounds, or to loop indefinitely. The effects of the vulnerabilities include denial of service and potentially code execution. The vulnerabilities can be exploited by enticing a user to open a specially modified file, or by submitting it to a server that handles XML content."
    Regards
    Atul Parti

    Which JVM is the security tool complaining about (what is the directory path, for example)?
    My guess is that the tool is complaining about the older JVM that Oracle installs in order to run the Oracle Universal Installer and the other Java-based installation tools.  If that's the case, those JVMs do not generally represent a security issue because they are not running anything on a day-to-day basis.  They're only used by things like the OUI which only get invoked when someone wants to do something like install new software.  Ideally, you'd be able to have the conversation with the security folks and explain that those older JVMs exist only for the limited purpose of running the OUI and the other configuration tools. 
    If the security folks want you to upgrade the Java version (as opposed to just installing patches to the older JVMs), that has a decent probability of breaking the various installation and configuration tools.  That may not have much impact on a day-to-day basis but may make administration tasks in the future more challenging. 
    Justin

  • Security Issue - LDAP Authentication and supply of empty passwords

    Security Issue with OC4J and JAZN LDAP Realm
    Product Versions:
    OC4J 9.0.3
    Infrastructure 9.0.2.1
    When using form based authentication or basic authentication in a WebApp, OC4J authenticates any existing user that has a password defined with an empty password.
    Example: You have a user with the username "user" and password "password". In the login of the WebApp, if you supply only the username, OC4J authenticates the user.
    Notes:
    - If we supply a wrong password we are not authenticated
    - If we supply the correct password we are authenticated.
    To reproduce the problem, I have used Oracle callerInfo jazdemo, configured to use the JAZN LDAP Realm named sample_subrealm, that is installed with 9iAS infrastructure
    Notes: If I use JAZN XML Realm everything works as expected.
    Bruno Antunes
    Java Software Engineer

    Jeremy - You'd have to use database authentication to achieve that. Create a DAD without specifying a username/password and change the app's current authentication scheme to DATABASE. Then users can login using their database account credentials. LDAP won't be used when you do this so you'll have to keep the database account passwords in sync with LDAP somehow if that's important.
    Scott

  • Are you aware about bash security issue CVE-2014-6271 ? Do you have a patch for that? The problem may exist in all Solaris versions.

    Are you aware about bash security issue CVE-2014-6271 ? Do you have a patch for that? The problem may exist in all Solaris versions.

    The official communication is now posted to
        https://blogs.oracle.com/security/entry/security_alert_cve_2014_7169

  • OPM Security Issue

    I am working with a client that has uninstalled OPM 10.2 and upgraded to 10.3. We have upgraded using administrative privileges but the users do not have admin rights to their machines. We are working with Windows 7. The users are intermittently getting the message below when they attempt to open a Word or Excel document. This issue is resolved by restarting OPM but it's annoying. Any ideas would be helpful.
    Error Message
    "Oracle Policy Modeling has detected security issues that prevents Microsoft Word and Microsoft Excel add-ins from functioning correctly. Please start Oracle Policy Modeling with administratvie privileges to allow this problem to be automatically resolved."

    PS: If you have network policies that control when Windows updates occur, you could also in theory script an execution of OPM from the command-line with administrative privileges immediately after those updates, to make sure that the rule modeler never sees this message. I haven't tried this, but it should work.
