Forum OpenACS Q&A: Response to Bugtraq: Remote Compromise in Oracle 9i Database Server (and Oracle 8)

Ugh ... so what pieces do we have that need EXTPROC?  Java's embedded within Oracle so I would think you don't (besides which we're ripping it out)?  We've also ripped out the Oracle smtp stuff.  Does InterMedia need this to run the INSO filters?

The firewall solution and the trusted IP solution both would pretty much seal one off from harm but just dumping EXTPROC altogether would be nicer, if we don't need it.

Can one of our more experienced Oracle types shed some light, here?