Slashdot Mirror

← Back to Stories (view on slashdot.org)

Oracle 9i Isn't Quite Unbreakable

Posted by timothy on from the whom-the-crackers-would-destroy dept.

BillTheKatt writes: "The formerly (as in a couple of weeks) "unbreakable" Oracle 9i has been found to be vulnerable to a Denial Of Service bug. ... Thanks [H]ardOCP for the link to the Article At SiliconValley.com. For more information see the official notice on SecurityFocus. More proof that Microsoft does not hold a monopoly on bugs. And of course a black eye to Mr. Larry 'Big Mouth' Ellison. I'm still waiting for my network computer, Larry."

3 of 113 comments (clear)

  1. Oracle9i Database vs. Oracle9i Application Server by briansmith · · Score: 5, Informative

    Some people are confusing the Oracle9i Database with the Oracle9i Application Server. I agree that the naming is confusingly similar but they are two very different products. The article refers to Oracle9i Application Server, not the database.

    Oracle9i Application Server is basically Apache 1.3 bundled with Orion Application Server and and embedded (yes, embedded!) Oracle database server used for data caching. There are a variety of add-ons included as well, depending on how many tens of thousands of dollars (per processor) one wants to spend.

    Also, Larry's term "unbreakable" refers not just to security issues but also availability and scaleability.

  2. Re:The Distinction is Very Important by Khalid · · Score: 5, Informative

    >face it, Apache was never designed to handle
    >mission-critical, Enterprise-level applications.
    >It's great for serving web-pages out of your
    >dorm-room, but for a $$$ piece of software like
    >Oracle 9i, I don't know.

    >you are never going to be able to fully vet a
    >piece of software like Apache that was developed
    >by non-professionals

    Why are you spreading fud like this ? what is your hidden agenda ?

    Many professional programmers particularly from IBM and SUN participate to the Apache project, plus, IIS has been developed by so called professionals, well sorry, it's not particularly known for it's robustness.

    Please check out your facts before posting uninformed posts, or stop spreading fud.

  3. Nice fact-checking, Timothy by hatless · · Score: 5, Insightful
    1. It's a buffer overflow in affecting the 9i Application Server--specifically, a PL/SQL Apache module--and not the database. Still a Bad Thing, but not the same thing.
    2. The crack regarding "still waiting for [your] Network Computer" is pretty dopey. Ellison's NIC Company has been shipping them going on two years now.

    You'd think they'd be a big hit with the Slashdot set seeing as they boot Linux with X off a CD, and have Ethernet, USB, a modem and VGA support built in, all for $200. I guess lame jokes predicated on them not existing are more fun.