database question

[zahc]

At work we have an Oracle database. I can query it with whatever windows-based sql development program provided by corporate IT. But I don't know what the program does 'behind the scenes'.

I would like to be able to submit queries to the database from my own perl scripts and cgi stuff, mostly from Linux. But I don't know how to interface with the DB. I understand that databases don't have a standard, open interface; it's not like ftp or anything. It would be great if I could just pipe my SQL file into some program on the database server but I think I need a special Oracle utility. I looked through the repos but lots of stuff comes up when I search Oracle.

[Nick1911]

Sqlplus is the standard way to do this with Oracle kit.  There are plenty of Oracle drivers for just about every programming language  as well.  I use JDBC often.

[GigaBuist]

There's actually quite a few standard ways of getting into databases.  None are prefect, but they work well for basic stuff.

For Perl and Oracle look toward the DBI/DBD::Oracle module.

[Nick1911]

Also: wireshark works well to see what commands are going over the network to DB. 

[GigaBuist]

Also: wireshark works well to see what commands are going over the network to DB. 

I'm not sure why you would ever... oh.  Yeah, that.

Did a security audit once (and only once, it's not my thing, but I was the only guy the consulting company knew the call) where the client didn't think I was doing anything because they didn't see massive traffic during my testing.

I gave some general suggestions on security, places where the web-app could be given invalid data that busted some things.  And then I told them the Oracle password to their DB.  Not sure why anybody would put that in a cookie, but they did.