5 Replies Latest reply: Feb 23, 2012 3:44 AM by Sudheendra RSS

    OCIServerVersion()  sec_return_server_release_banner

    902884
      Hi


      In order to demonstrate the security feature of Oracle one has to call OCIServerVersion() or OCIServerRelease() when the user session has not yet been established
      while having the database parameter sec_return_server_release_banner = false.
      I am using python cx_Oracle module for this but i am not sure how to get the server version before establishing the connection any ideas ?

      regards
        • 1. Re: OCIServerVersion()  sec_return_server_release_banner
          Sudheendra
          Without connecting to server there is no way to get the server version or the banner information
          • 2. Re: OCIServerVersion()  sec_return_server_release_banner
            902884
            Hi

            Well the documentation states otherwise

            Controlling the Database Version Banner Displayed

            OCIServerVersion() can be issued before authentication (on a connected server handle after calling OCIServerAttach()) to get the database version.
            To avoid disclosing the database version string before authentication, set SEC_RETURN_SERVER_RELEASE_BANNER initialization parameter to NO. For example:

            SEC_RETURN_SERVER_RELEASE_BANNER = NO

            This will display the following string for release 11.1 and all subsequent releases and patch sets:

            Oracle Database 11g Release 11.1.0.0.0 - Production

            Set SEC_RETURN_SERVER_RELEASE_BANNER to YES and then the current banner is displayed. If you have installed release 11.2.0.2, the banner displayed is:

            Oracle Database 11g Enterprise Edition Release 11.2.0.2 - Production

            This feature will work with a release 11.1 or later server, and any version client.
            • 3. Re: OCIServerVersion()  sec_return_server_release_banner
              Sudheendra
              What the document says & what I mentioned are true.
              I mentioned "Without connecting to server there is no way to get the server version or the banner information"
              I did not say without authentication.
              The document also says before authentication it works.
              You are connected after OCIServerAttach but for authentication you need to use call OCILogon2/OCISessionBegin/OCILogon with username and passwd
              To get the server version/banner you can call OCIServerVersion after OCIServerAttach.
              If your python modules are using OCILogon2 which does connection and authentication you will have to connect to get the server version unless you have the python sources which you want to modify to user OCIServerAttach followed by Logon/SessionBegin
              • 4. Re: OCIServerVersion()  sec_return_server_release_banner
                902884
                Hi Sudheendra

                Thanks for taking time out and looking at this.
                Is there any example that can show me this
                • 5. Re: OCIServerVersion()  sec_return_server_release_banner
                  Sudheendra
                  Did you mean to show how to modify python sources to use OCIServerAttach and then OCISessionBegin ? Sorry, I don't have anything on this.
                  If you are looking for just an OCI Code then its very trivial and you can look up at OCI docs.

                  Edited by: Sudheendra on Feb 23, 2012 3:13 PM