Security Characteristics of the Configuration
The configuration we've established here accomplishes two important security objectives:
· It allows the system administrator to run the external procedure listener as a user account with limited privileges. By default, the listener would run as the account that runs the Oracle server.
· It limits the external procedure listener to accept only IPC connections from the local machine, as opposed to TCP/IP connections from anywhere.
But we're not quite done. The tnsnames.ora file for the database in which the callout originates will need an entry like the following:

    EXTPROC_CONNECTION_DATA =
      (DESCRIPTION =
        (ADDRESS = (PROTOCOL = IPC)(KEY = extprocKey))
        (CONNECT_DATA = (SID = extprocSID) (PRESENTATION = RO))
      )
You'll recognize most of these settings from the earlier listener configuration. Note that the values you used in the listener for extprocKey and extprocSID must match their respective values here. The optional PRESENTATION setting is intended to improve performance a bit; it tells the server, which might be listening for different protocols, to assume that the client wants to communicate using the protocol known as "RemoteOps" (hence the RO).
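The following check is an added example, not code from the original text or from Oracle: it reads a listener.ora and tnsnames.ora pair and reports any non-IPC listener address and any KEY or SID that does not match. The listener.ora contents, the EXTPROC_LISTENER name, the ORACLE_HOME placeholder, and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample files; listener name and ORACLE_HOME are placeholders.
LISTENER_ORA = """
EXTPROC_LISTENER =
  (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = IPC)(KEY = extprocKey))
  )
SID_LIST_EXTPROC_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = extprocSID)
      (ORACLE_HOME = /placeholder/oracle_home)
      (PROGRAM = extproc)
    )
  )
"""
TNSNAMES_ORA = """
EXTPROC_CONNECTION_DATA =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = IPC)(KEY = extprocKey))
    (CONNECT_DATA = (SID = extprocSID) (PRESENTATION = RO))
  )
"""

def values(text, param):
    """Return every value assigned to a leaf parameter, e.g. (KEY = x)."""
    text = re.sub(r"(?m)^\s*#.*$", "", text)  # drop comment lines
    pattern = r"\(\s*" + re.escape(param) + r"\s*=\s*([^()\s]+)\s*\)"
    return re.findall(pattern, text, flags=re.IGNORECASE)

def check(listener, tnsnames):
    """Return a list of problems; an empty list means the pair is consistent."""
    problems = []
    extra = {p.upper() for p in values(listener, "PROTOCOL")} - {"IPC"}
    if extra:
        problems.append("listener accepts non-IPC protocols: " + ", ".join(sorted(extra)))
    # The tnsnames.ora KEY and SID must each appear in the listener definition.
    for label, l_param, t_param in (("KEY", "KEY", "KEY"), ("SID", "SID_NAME", "SID")):
        want, have = set(values(tnsnames, t_param)), set(values(listener, l_param))
        if not want or not want <= have:
            problems.append(f"{label} mismatch: tnsnames {sorted(want)}, listener {sorted(have)}")
    return problems

if __name__ == "__main__":
    for line in check(LISTENER_ORA, TNSNAMES_ORA) or ["OK: IPC only, KEY and SID match"]:
        print(line)
```

To check real files, pass their contents to check() in place of the two sample strings.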
You'll want to be careful about what privileges the supplemental listener account has, especially regarding its rights to modify files owned by the operating system or by the oracle account. Also, by setting the TNS_ADMIN environment variable on Unix (or in the registry of a Microsoft operating system), you can relocate the external procedure listener's listener.ora and sqlnet.ora files to a separate directory. This may be another aspect of an overall approach to security.
Setting up these configuration files and creating supplemental OS-level user accounts may seem rather distant from day-to-day PL/SQL programming, but these days, security is everybody's business!