Additional Security Considerations – Oracle B12255-01 User Manual
Oracle HTTP Server Processing Model
Managing Server Processes
Additional Security Considerations
For additional security on UNIX, you can change the user to “nobody”. Be sure that
the child processes can accomplish their tasks as the user “nobody”. Change all
static content, such as the ORACLE_HOME/Apache/Apache/htdocs directory on
UNIX or ORACLE_HOME\Apache\Apache\htdocs on Windows, so that all the
files are readable, but ideally not writable by the user “nobody”. Also, verify that all
the CGI and FastCGI programs can be run by user “nobody”.
After making manual configuration changes to DAD passwords, it is recommended
that the DAD passwords are obfuscated by running the “dadTool.pl” script
located in ORACLE_HOME/Apache/modplsql/conf.
If your PL/SQL application is using the file-system caching functionality in
mod_plsql, then the httpd processes should have read and write privileges to the
cache directory through the parameter in
ORACLE_HOME/Apache/modplsql/conf/cache.conf on UNIX or
ORACLE_HOME\Apache\modplsql\conf\cache.conf on Windows. By default, this
parameter points to ORACLE_HOME/Apache/modplsql/cache on UNIX or
ORACLE_HOME\Apache\modplsql\cache on Windows.
Finally, given that the cached content might contain sensitive data, the final contents
of the file-system cache should be protected. So, although Oracle HTTP Server
might run as “nobody”, access to the system as this user should be well-protected.
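A permission audit for the UNIX recommendations above, as an added example that is not part of the Oracle manual. The function names audit_docroot and audit_cache are hypothetical, and the script assumes the server user belongs to no group that owns these files and that owner-only access is the target for the cache directory.

```shell
#!/bin/sh
# Added example: audit static content and the mod_plsql cache directory.
# Assumptions (not from the manual): the server user is in no group that
# owns these files, so the "other" mode bits decide its access, and the
# cache should be private to the server user.

# Print docroot entries the server user could modify or cannot read.
# $1 = static content directory, $2 = server user name or numeric uid
audit_docroot() {
    # Owned by the server user: it can write to or chmod the entry.
    find "$1" -user "$2" | sed 's/^/OWNED_BY_SERVER /'
    # World-writable: writable by the server user through the "other" bits.
    find "$1" ! -type l -perm -0002 | sed 's/^/WORLD_WRITABLE /'
    # Not world-readable: the server user cannot serve the entry.
    find "$1" ! -type l ! -user "$2" ! -perm -0004 | sed 's/^/NOT_READABLE /'
}

# Print cache entries that are not private to the server user.
# $1 = cache directory, $2 = server user name or numeric uid
audit_cache() {
    # Not owned by the server user: httpd may lack read/write access.
    find "$1" ! -user "$2" | sed 's/^/NOT_OWNED_BY_SERVER /'
    # Any "other" permission bit exposes cached content to local accounts.
    find "$1" ! -type l \( -perm -0004 -o -perm -0002 -o -perm -0001 \) |
        sed 's/^/EXPOSED_TO_OTHERS /'
}

# Usage: sh audit.sh STATIC_DIR CACHE_DIR [SERVER_USER]
if [ "$#" -ge 2 ]; then
    audit_docroot "$1" "${3:-nobody}"
    audit_cache "$2" "${3:-nobody}"
fi
```

No output means every entry passed. Each printed line names the failed check and the path to fix.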
See Also: on page 7-36 on instructions on performing the obfuscation.