6 Replies Latest reply on Nov 26, 2018 1:53 PM by fac586

    Solicitation for remote access to system

    fac586

      In a thread on the APEX forum a user repeatedly requests another to provide direct access to their development system using an obscure service called "ngrok":

       

      Alli Pierre Yotti wrote:

       

      It should work. I have no idea why it is not working for you. Can you expose your Local Development Environment to the outside world with Ngrok?

      I also did it and it works for me

      https://2b6b876a.ngrok.io/ords/f?p=104

       

      Can you do it and share workspace, username and password?

      Alli Pierre Yotti wrote:

       

      You should or not ?

      http://2b6b876a.ngrok.io/ords/f?p=104:33:0::NO:::

       

      You should follow here to do that

      https://bkintsiful.blogspot.com/2018/10/expose-your-local-development.html

       

      My understanding is that these solicitations, and the resulting access if granted, contravene sections 6 & 8 of this site's Terms of Use, since such access would in most cases be in violation of the UK Computer Misuse Act 1990 and similar legislation pertaining to other jurisdictions.

       

      6. Your Content

      You agree that you will only upload, share, post, publish, transmit, or otherwise make available ("Share") on or through the Site Content that you have the right and authority to Share and for which you have the right and authority to grant to Oracle all of the licenses and rights set forth herein. By Sharing Content, you grant Oracle a worldwide, perpetual, royalty-free, irrevocable, nonexclusive, fully sublicensable license to use, reproduce, modify, adapt, translate, publish, publicly perform, publicly display, broadcast, transmit and distribute the Content for any purpose and in any form, medium, or technology now known or later developed. This includes, without limitation, the right to incorporate or implement the Content into any Oracle product or service, and to display, market, sublicense and distribute the Content as incorporated or embedded in any product or service distributed or offered by Oracle without compensation to you. You warrant that: (a) you have the right and authority to grant this license; (b) Oracle's exercise of the rights granted pursuant to this license will not infringe or otherwise violate any third party rights; and (c) all so-called moral rights in the Content have been waived to the full extent allowed by law.

       

      You agree that you will neither use the Site in a manner, nor Share any Content, that: (a) is false or misleading; (b) is defamatory, derogatory, degrading or harassing of another or constitutes a personal attack; (c) invades another's privacy or includes, copies or transmits another's confidential, sensitive or personal information; (d) promotes bigotry, racism, hatred or harm against any group or individual; (e) is obscene or not in good taste; (f) violates or infringes or promotes the violation or infringement of another's rights, including intellectual property rights; (g) you do not have the right and authority to Share and grant the necessary rights and licenses for; (h) violates or promotes the violation of any applicable laws or regulations; contains a solicitation of funds, goods or services, or promotes or advertises goods or services; or (j) contains any viruses, Trojan horses, or other components designed to limit or harm the functionality of a computer. Oracle may report you to the relevant authorities and may act under the fullest extent of applicable laws if you transmit or upload content intended or designed to cause harm.

       

      Oracle does not want to receive confidential information from you through or in connection with the Site. Notwithstanding anything that you may note or state in connection with Sharing Content, it shall not be considered confidential information and shall be received and treated by Oracle on a non-confidential and unrestricted basis and Oracle shall not take and shall not be required to take any steps to safeguard the confidentiality of any information that you Share, other than as specified in Oracle's Privacy Policy.

      8. No Unlawful or Prohibited Use

      You agree not to use the Site, or Content provided on or through the Site, for any purpose that is unlawful or prohibited by these Terms of Use or the rules, guidelines or terms of use posted for a specific area of the Site or Content provided on or through the Site.

       

      Additionally, the use of such private channels limits the legitimate sharing of information and is therefore contrary to the purpose and spirit of this community.

       

      What are the views of the administrators, moderators, and other community members on this? Should requests of this nature and the promotion of "ngrok" and similar services be treated as abuse?

        • 1. Re: Solicitation for remote access to system
          Timo Hahn

          The APEX space is a bit different in this relation.

          I allow sharing links to workspaces as it has been this way all the time. I remember that the mods had a discussion on this issue and the outcome was to allow it for the APEX space. Sometimes there is no other way to help in APEX as to the project.

           

          As I'm not using APEX myself, I don't know where the shared workspaces lead to.

           

          Timo

          • 2. Re: Solicitation for remote access to system
            Dude!

            For what it's worth, I agree with your assessment about the spirit of the community - the practice generally undermines the interests of participants and introduces a potential for all sorts of misuse.

            • 3. Re: Solicitation for remote access to system
              fac586

              Timo Hahn wrote:

               

              The APEX space is a bit different in this relation.

              I allow sharing links to workspaces as it has been this way all the time. I remember that the mods had a discussion on this issue and the outcome was to allow it for the APEX space. Sometimes there is no other way to help in APEX as to the project.

               

              As I'm not using APEX myself, I don't know where the shared workspaces lead to.

              This is completely different to the long-standing (and necessary) practice of demonstrating and collaborating on problems in a shared workspace on apex.oracle.com. The Oracle-hosted site is the APEX equivalent of JSFiddle, CodePen, or Oracle's own Live SQL: a publicly accessible sandpit for demonstrating code examples and problems.

               

              What is being demanded here is direct access to remote systems owned and operated by the OP, their employers, customers, or cloud providers. In the vast majority of cases the person requesting this access and those facilitating it will not be authorised to do so. By publishing an ngrok URL and user credentials that would permit unauthorised access to a system falling under the jurisdiction defined in the Computer Misuse Act 1990, Oracle would commit an offence under section 3A by supplying an "article believing that it is likely to be used to commit, or to assist in the commission of, an offence under [section 1, 3 or 3ZA]".

              • 4. Re: Solicitation for remote access to system
                BluShadow

                Sounds like something that Oracle themselves need to take up, not volunteer mods or other members of the community.

                 

                Chitrasai1-Oracle, please can you look into this.

                • 5. Re: Solicitation for remote access to system
                  Chitrasai1-Oracle

                  Thanks for bringing it to my notice.

                   

                  I will get in touch with the apex admin and see what best we can do.

                  • 6. Re: Solicitation for remote access to system
                    fac586

                    Chitrasai1-Oracle wrote:

                     

                    Thanks for bringing it to my notice.

                     

                    I will get in touch with the apex admin and see what best we can do.

                    THIS HAS NOTHING TO DO WITH THE apex.oracle.com SERVICE OR ANYTHING ELSE THAT AN INTERNAL ORACLE "APEX ADMIN" CAN DEAL WITH.

                     

                    The problem relates to attempts to gain access to remote systems (that are not administered by Oracle) using ngrok or other SSH tunneling services. Any such access is likely to be unauthorised, illegal, and constitute a major security breach on any system exploited in this way. You need to determine whether sharing access in this way (noting that this could occur via private messages as well as forum posts) contravenes this site's terms of use. This is a question for your legal and security teams, not APEX admins.