Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "JHeadstart has some new features slated for the next release"] [Next entry: "42 security bugs found in Oracle's Metalink database - Some serious!"]

A new short paper on Alex's site - How to change XMLDB Ports

I saw a new paper on Alex's site the other day titled "Change XMLDB Ports" that explains how to change the default port numbers for HTTP and FTP in XMLDB. The paper is short and sweet and includes example PL/SQL code to change the port numbers. I have a simple paper on my site that shows a different way to disable the ports completely. This paper is called "How to Stop / shutdown the ftp and http ports (2100 and 8080) on 91R2". Alex's paper does not allude to the fact that his code can also be used to disable the ports completely as well. This can be done by setting the port numbers to 0 (zero) in each PL/SQL call. The ports are enabled by default and should be disabled if the functionality is not needed. There are exploit codes published to attack these ports. There is also a Roby Sherman paper on the same subject. There is a link to it on my Oracle security white papers page - search on Roby with CRTL-F in the page.