Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "alpha copies of two chapters of Tom's new book are available"] [Next entry: "Tug has an interesting post on software terrorists"]

Follow up on direct appplication repository access

I posted about a week ago about direct dictionary access in a post titled "Tom talks about direct dictionary editing" and then again in a post titled "Direct dictionary access again". A few days ago Paul Drake sent me some good advice on the latter post. I wanted to repeat this here for others to benefit. Here it is:


One method of handling application metadata is to segregate it to its
own tablespaces, which are altered to read only except during
application maintenance. If an event trigger is configured to send an
alert when such tablespaces are altered to read write, I think that
most any auditor would be satisfied.

A lot of my employer's lookup data is in small tables anyways, so I had
moved such tables into a 2 KB block size tablespace and set it to read
only. Many of these tables were marked as candidates for single table
hash clusters - so we accomplished several objectives in the move.


Thanks Paul for some good advice on managing application repositories.