Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "An interesting post about PeopleSoft and Oracle"] [Next entry: "A good book on reverse engineering"]

Steve has improved his Custom JDBC URL example

I just saw Steve Muench's post to his blog titled "Improving the Comments in my Custom JDBC URL Example for Pete" (I think that is the first blog entry I have seen addressed to me!). Steve has made some changes to the comments in his example code that he discusses in his earlier post "Providing Fixed JDBC Credentials from Custom Source" because of my comments in my post "Steve has added an undocumented sample for fixed JDBC credentials". I said it was not a good idea to hard code passwords in applications. Steve never intended this to be the case, his new class was instead a starting point for users to read in the username and password from a more secure location such as a properties file, custom repository or something else. Steve also points out that an encrypted password will improve the security somewhat more.

Thanks for the update Steve and for the clarification.