Author: Laurent Schneider

Log4J and Oracle Database

Post author By Laurent Schneider
Post date January 5, 2022
Categories In Uncategorized
1 Comment on Log4J and Oracle Database

CVE-2021-44228 issue allows an user without authentication to execute code. It is tremendously easy to exploit, it is more a working-as-designed feature than a hard-core memory glitch. Log4j is a logging library for java. If you enter some unexpected string, your web server may log it to a logfile. What’s your name? John What’s your […]

TNS resolution with LDAP and SSL

Post author By Laurent Schneider
Post date November 26, 2021
Categories In Uncategorized
1 Comment on TNS resolution with LDAP and SSL

Long time ago, ldapsearch without password and without ssl was the way to go. But clear-text authentication (so called simple-bind) is a security leak. More and more, directory server vendors and administrators are closing the default non-ssl port and enforce authentication. And if you use ldap for TNS naming, things will break. Back in 2003, […]