
Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.


Oracle Security Tools page updated

I was emailed the other day by Dave to tell me that I had incorrectly named the Russian password cracker for Oracle written by Tran Technologies. I said it was written by Bead Dang but in fact it was written by Bear Dang. Sorry to the authors for this mistake. I have updated my Oracle Security Tools page to correct this error.

This is a useful tool for auditing passwords in an Oracle database. It is a PL/SQL program and source code is included. It does a brute-force check to find passwords that users have specified. There is a downside in that it should really be used in a separate database to prevent resource-hogging issues in the database where the users' passwords are to be checked. Because it's PL/SQL based and uses ALTER USER commands, it's quite slow but still useful.

Also remember to check for default Oracle users with default passwords still set, as well as auditing users' passwords.