Friday, September 07, 2007

Stand alone Oracle HTTP Server vs AS 10.1.x OHS

I just learned the following, which I wanted to share with you.

One reason for using the 10.1.3.3 HTTP Server rather than the companion cd - Apache 2.0 - version is that no generic patchsets are ever issued for the Apache 2.0 version. It means that the MOD_OC4J component which comes with the 2.0 version always stays the same and neve
r receives any bug fixes. You can also more easily configure the base 10.1.3 HTTP Server as part of an OracleAS 10.1.3 cluster topology.

I had the idea that a stand alone OHS in the web tier (e.g. in the DMZ) would be a better setup as there are less points to attack, especially as there is a direct exposion to the Internet.
I'll try to switch to the AS 10.1.3.x version instead of the stand alone OHS to see if this solves my problem.

However I do not understand why Oracle keep different patch regimes with their software when they should share the same code base?

No comments: