Pete Finnigan's Oracle Security Weblog

I saw an interesting post on the oracle-l list last week that I thought I might mention here. The post was titled "10gr2 Beta Testing XML DB" and talks about the fact that 10gR2 has some new XML DB functionality that can be signed up for testing under a beta program. The poster said he knew about it from the XML DB discussion groups (otn?, metalink?) and he posted a link to the beta program.

Whilst this is not directly an Oracle security related post, it is interesting for two reasons. The first is that access to any new feature before it is released is always useful for the security conscious DBA. Whether you can get this access without promising to test and be a proper part of the beta program is another thing, I suspect not!. Access to new features especially web type features is worth having in advance if they are likely to be used in the future in your organisations. This is so you can get a heads up on installation, use and the security configurations. Also if it’s still in a beta program any security concerns could be brought to light and fixed before the software is used in anger. The second reason is that as hinted its a web type feature so has an inherent security component in that its likely to be web facing or at least network facing, whether wide area or local is irrelevant. There will be security concerns that will need to be taken into account when using software such as this. Having a heads up may help you make it more secure if its used in the future, if its not used then knowing how to secure it even if its not used can still be useful.

My final thought with software like this that is in beta is that there are likely a lot of developers, DBA's and others that will take part and use it, any company involved needs to know that its involved, i.e. if keen employees take part does the DBA and security officer know and are they involved in ensuring security is maintained.