What’s in security – October 2009

Last Thursday I read that Oracle is postponing the upcoming CPU patches. They state:

There is a change in the previously announced release date of the October 2009 Critical Patch Update.

Since many Oracle customers with responsibility for deploying the Critical Patch Update within their respective organizations will be attending Oracle OpenWorld October 11-15, 2009, the October 2009 Critical Patch Update originally scheduled to be published on Tuesday, October 13th 2009, will be released on October 20th 2009.

Please note: this date change only impacts the October 2009 Critical Patch Update. As usual, Oracle will issue a pre-release announcement on the Thursday before the publication of the Critical Patch Update (Thursday, October 15th). All other aspects of the Critical Patch Update (where to find the documentation, how to download the patches, etc.) remain the same.

(More info: see Metalink)

A good reason would be that there are no important patches.. aren’t there..?

Using the network.. with a local instance

So I wanted to have a local database on my Windows XP machine. To make the installation as server-like as possible, I created the MS loopback adapter to be sure of a certain IP address:

Ethernet adapter loopback (oracle):

Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : Microsoft Loopback Adapter
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.2.3
Subnet Mask . . . . . . . . . . . : 255.0.0.0

Well, it seems that the listener daemon binds to the most recent IP address. Typical Windows behaviour, as it seems. In order to be sure I have the correct IP address, I start my listener and instance after I have established my last connection (e.g. Dial up networking to a 3G network Ethernet).

You can change the binding order, for example after you create another new network connection:

Start –> Run –> ncpa.cpl

Choose Advanced, Advanced Settings and choose under Connections your desired order.

Instead of some ugly ISP-given network, which will make your listener connections ugly:

* (CONNECT_DATA=(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))(SERVICE_NAME=orcl)) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.4.5.6)(PORT=2019)) * establish * orcl * 0
* service_update * orcl * 0

You get your clean (loopback adapter):

* (CONNECT_DATA=(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))(SERVICE_NAME=orcl)) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.1.2.3)(PORT=2019)) * establish * orcl * 0
* service_update * orcl * 0
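
As an added example (not from the original post): a small Python check that parses listener.log entries in the layout shown above and lists the establish entries whose ADDRESS HOST lies outside the networks you expect, here the loopback adapter's 10.1.2.3. The timestamps in the sample and the function names are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample in the listener.log layout shown in the post; timestamps are made up.
SAMPLE_LOG = """\
01-OCT-2009 10:15:02 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))(SERVICE_NAME=orcl)) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.4.5.6)(PORT=2019)) * establish * orcl * 0
01-OCT-2009 10:15:03 * service_update * orcl * 0
01-OCT-2009 10:20:41 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=__jdbc__)(USER=))(SERVICE_NAME=orcl)) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.1.2.3)(PORT=2019)) * establish * orcl * 0
01-OCT-2009 10:20:42 * service_update * orcl * 0
"""

ADDRESS_RE = re.compile(r"\(ADDRESS=\(PROTOCOL=(\w+)\)\(HOST=([^)]+)\)\(PORT=(\d+)\)\)", re.I)
SERVICE_RE = re.compile(r"\(SERVICE_NAME=([^)]*)\)", re.I)

def parse_establish(line):
    """Return a dict for an 'establish' entry, or None for any other line."""
    fields = [f.strip() for f in line.split(" * ")]
    if "establish" not in fields:
        return None
    addr = ADDRESS_RE.search(line)
    if addr is None:
        return None
    svc = SERVICE_RE.search(line)
    return {
        "protocol": addr.group(1).lower(),
        "host": addr.group(2),
        "port": int(addr.group(3)),
        "service": svc.group(1) if svc else None,
        "return_code": int(fields[-1]),
    }

def unexpected_hosts(log_text, expected_networks):
    """List establish entries whose ADDRESS HOST is outside the expected networks."""
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    flagged = []
    for line in log_text.splitlines():
        entry = parse_establish(line)
        if entry is None:
            continue
        try:
            ip = ipaddress.ip_address(entry["host"])
        except ValueError:
            flagged.append(entry)  # a hostname instead of an IP: cannot be vetted here
            continue
        if not any(ip in net for net in nets):
            flagged.append(entry)
    return flagged
```

Calling `unexpected_hosts(SAMPLE_LOG, ["10.1.2.3/32", "127.0.0.0/8"])` returns only the 192.4.5.6 entry, which is the case the post wants to avoid.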

NOTE!

To prevent any (local) connection errors, make sure the %SystemRoot%\System32\drivers\etc\hosts file looks something like this:

127.0.0.1 localhost
10.1.2.3 your_host_name

Similarly, in RAC environments, when you enter your hostname after the local loopback address, you might get one of the following errors:

ORA-00603: ORACLE server session terminated by fatal error
or
ORA-29702: error occurred in Cluster Group Service operation

(RAC info from http://www.puschitz.com/InstallingOracle10gRAC.shtml)

SQLNET.AUTHENTICATION_SERVICES vs. connection time outs

One could have an Oracle installation (10g, in my case) on a Windows XP machine. To bypass the problem of connection loss you could set SQLNET.AUTHENTICATION_SERVICES to none, but then sqlplus / as sysdba won’t work anymore (obviously).

So I set my SQLNET.AUTHENTICATION_SERVICES back to NTS (using TNSNAMES).

The problem of connection loss doesn’t seem to appear anymore, maybe it’s because of a correct network binding (listener)?

C:\oracle\product\10.2.0\db_1\NETWORK\ADMIN>type sqlnet.ora

SQLNET.AUTHENTICATION_SERVICES= (NTS)

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)