Will Goldengate use Remote Procedure Call (RPC)?

简介:

Question: My Customer using Oracle GoldenGate to sync data from 11.2.0.1 RAC (on Solaris 10 SPRAc 64bit) to 9.2.0.8 standalone DB (On solaris Sparc 64bit). My customer recently doing an OS security scan check for node of 11.2.0.1 RAC. The security scan check result saying the RAC node (HK8SP226) has a potential security issue on "rpcstatd: RPC statd remote file creation and removal". My customer suspect that Goldengate is using RPC for file transfer. Would you please help to check if goldengate need to use RPC or not? if goldengate dont need to use RPC, then i will ask my csutomer to close this function in server Supplementory information for security check result. ---------------------------------------------------------------------- hk8sp226 {172.20.104.178} Solaris H rpcstatd: RPC statd remote file creation and removal Remote Procedure Call (RPC) statd maintains state information in cooperation with RPC lockd to provide crash and recovery functionality for file locking across the Network File System (NFS). Statd does not validate information received from a remote lockd. By sending to the statd service an RCP or RDIST request including references to the parent directory (".."), an attacker can provide false information to the rpc.statd file, allowing the creation of a file in an arbitrary directory on the host. This can be used to overwrite pre-existing files or create new files on the host. Answer: Oracle GoldenGate transfers trail files over TCP/IP to the remote host which internally uses RPC for transferring the data to remote. You could let customer know about it and could exclude it from hardening.



本文转自maclean_007 51CTO博客,原文链接:http://blog.51cto.com/maclean/1277662

相关文章
|
弹性计算 JSON Devops
阿里云效(Aliyun DevOps)的接口使用的是RPC(Remote Procedure Call)协议
阿里云效(Aliyun DevOps)的接口使用的是RPC(Remote Procedure Call)协议
391 1
|
XML 网络协议 Dubbo
【Java面试】RPC(Remote Procedure Call)
【Java面试】RPC(Remote Procedure Call)
187 0
|
Unix
IBM AIX 'rpc.cmsd' Calendar Daemon Remote Stack Buffer Overflow Vulnerability
A commercial exploit is available through the Immunity Partners program: https://www.
713 0
|
Unix
ibm aix rpc.cmsd remote exploit
http://packetstormsecurity.org/1002-exploits/rpc_cmsd_opcode21.
1077 0
|
6月前
|
负载均衡 Dubbo Java
Dubbo 3.x:探索阿里巴巴的开源RPC框架新技术
随着微服务架构的兴起,远程过程调用(RPC)框架成为了关键组件。Dubbo,作为阿里巴巴的开源RPC框架,已经演进到了3.x版本,带来了许多新特性和技术改进。本文将探讨Dubbo 3.x中的一些最新技术,包括服务注册与发现、负载均衡、服务治理等,并通过代码示例展示其使用方式。
359 9
|
6月前
|
设计模式 负载均衡 网络协议
【分布式技术专题】「分布式技术架构」实践见真知,手把手教你如何实现一个属于自己的RPC框架(架构技术引导篇)
【分布式技术专题】「分布式技术架构」实践见真知,手把手教你如何实现一个属于自己的RPC框架(架构技术引导篇)
267 0
|
17天前
|
自然语言处理 负载均衡 API
gRPC 一种现代、开源、高性能的远程过程调用 (RPC) 可以在任何地方运行的框架
gRPC 是一种现代开源高性能远程过程调用(RPC)框架,支持多种编程语言,可在任何环境中运行。它通过高效的连接方式,支持负载平衡、跟踪、健康检查和身份验证,适用于微服务架构、移动设备和浏览器客户端连接后端服务等场景。gRPC 使用 Protocol Buffers 作为接口定义语言,支持四种服务方法:一元 RPC、服务器流式处理、客户端流式处理和双向流式处理。
|
3月前
|
Dubbo 网络协议 Java
RPC框架:一文带你搞懂RPC
这篇文章全面介绍了RPC(远程过程调用)的概念、原理和应用场景,解释了RPC如何工作以及为什么在分布式系统中广泛使用,并探讨了几种常用的RPC框架如Thrift、gRPC、Dubbo和Spring Cloud,同时详细阐述了RPC调用流程和实现透明化远程服务调用的关键技术,包括动态代理和消息的编码解码过程。
RPC框架:一文带你搞懂RPC
|
2月前
|
XML 负载均衡 监控
分布式-dubbo-简易版的RPC框架
分布式-dubbo-简易版的RPC框架