Firewalls: Re: CGI & Oracle

Firewalls
(November 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: CGI & Oracle
From:	"Mr. Jolt Cola" <msmith @ quix . robins . af . mil>
Date:	Thu, 14 Nov 1996 11:53:19 -0500 (GMT)
To:	dsalenger @ dttus . com (Daniel Salenger)
Cc:	Firewalls @ GreatCircle . COM
In-reply-to:	<9610138479 . AA847923965 @ cc3 . dttus . com> from "Daniel Salenger" at Nov 13, 96 02:59:33 pm

>      I am researching the Oracle web server product and I wanted to see if 
>      the rest of the community has found any specific CGI flaws that I 
>      should address to help secure this platform (it will reside between a 
>      dual firewall environment).  It seems that all scripting is 
>      accomplished in PL SQL (is this a superset of PERL or C?).  Thank you 

Neither. Its ORACLE's proprietary stored procedural language. Its similar to
PASCAL and its not new. Its been around since ORACLE 6. I prefer a
few powerful CGI and HTML classes written in C++ giving me just as
much power as ORACLE's method of direct PL/SQL interface. PL/SQL
is great for database programming, but it lacks in other areas,
and I know of noone in my circle who uses it for CGI.
Also, a system level language like C can allow you to implement other
security layers which should be on your mind if you are allowing
SQL from the Web to hit your database.

	Melvin Smith

References:

CGI & Oracle
From: "Daniel Salenger" <dsalenger @ dttus . com>

Indexed By Date	Previous:	Re: FW-1 documentation mistake From: Bill Gray <whg @ inel . gov>
Indexed By Date	Next:	guantlet firewall config help require From: Albert Lim Keng Leng <alkl . pt @ cemtecasia . com . sg>
Indexed By Thread	Previous:	CGI & Oracle From: "Daniel Salenger" <dsalenger @ dttus . com>
Indexed By Thread	Next:	Re: CGI & Oracle From: Steve Edwards <sedwards @ cts . com>