Call: +44 (0)7759 277220 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Follow up on direct appplication repository access"] [Next entry: "Nice post on Amis about flasback"]

Tug has an interesting post on software terrorists



I saw an interesting post on Tug's blog yesterday titled http://www.grallandco.com/blog/archives/2005/05/which_kind_of_d.html - (broken link) Which kind of developer are you? A software terrorist?. This is a post about a recent editorial by Allen Holub, the guy famous for writing many compiler and OS books. I have read his book Compiler design in C and I subscribe to his sporadic newsletter. Alan’s editorial http://68.236.189.240/fullcolumn/column-20050501-01.html(broken link) - The Terror of Code in the Wrong Hands - This is an interesting read and as Tug says the description of software terrorist is great. The issue of one employee (or otherwise) staying late and "fixing" or "improving" code whilst everyone is at home and then not telling anyone is an issue that we have all heard about. But from a security perspective this is an issue we should all be concerned about. What if someone changes parameters, application code or anything else in the database either "innocently" or on purpose? Would you know it had happened? Knowing the configuration of your database because it is stored and baselined and also ensuring application source code is controlled both in source repositories and also through change control and release mechanisms is important.

This is a good article, not intended to be Oracle security specific but relevant all the same.