Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "A good list of Oracle security check items"] [Next entry: "Tools page updated"]

Ed had an interesting post yesterday about $ tables, DBA views and x$ tables

I noticed that yesterday on Edward Stanglers weblog that he had made a useful post about the dollar tables, the DBA views and the X$ tables, basically how the data dictionary is broken down. This is a good post giving an overview of these views and tables. It is worth remembering that in Oracle security terms general users should never have access to any of these tables or views. They contain configuration details that can be used to abuse your database. None of these sources of information therefore should be available to normal users. Ed makes a good point that $ tables and X$ tables should not be accessed directly; the information should only be obtained via the official views. What I would add is that you need to be aware of what users can access these tables and views.

Again Ed's post is here.