Pete Finnigan's Oracle Security Weblog

I was looking for something about trace in 10g and found Mark Rittman's blog entry titled "Wait Event Enhancements in Oracle 10g". Trace is an area that i have an interest in for many reasons. the first being that trace is a good tool for discovering details about how Oracle works and sometimes for discovering information leakage such as passwords being leaked in clear text or when passwords are leaked by using some of the many Oracle dump commands - I talked about this in a post I made to a mailing list a long time ago - A link is available to the post "Revealing clear text passwords from the SGA" on my Oracle security white papers page. I am also interested in trace for forensics and audit work. I wrote a detailed paper some time back called "many ways to set Oracle trace for your session, others sessions and at instance level" - This paper details many ways to set trace for your own sessions or others and at different levels. In Marks post I was particularly interested in the paper Mark quotes http://www.dbspecialists.com/presentations/wait_events_10g.html - (broken link) Wait Event Enhancements in Oracle 10g written by Terry Sutton and Roger Schrag of Database Specialists, Inc. This is a good very detailed paper and worth reading. Mark's post is also worth a look as it suggests an earlier paper http://www.dbspecialists.com/presentations.html#wait_events - (broken link) Interpreting Wait Events to Boost System Performance and also Mark suggests some other good links on the same subject at the end of his post.