Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "ooops forgot the link"] [Next entry: "Debu talked about EJB security hole"]

Wait even enhancements in 10g

I was looking for something about trace in 10g and found Mark Rittman's blog entry titled "Wait Event Enhancements in Oracle 10g". Trace is an area that i have an interest in for many reasons. the first being that trace is a good tool for discovering details about how Oracle works and sometimes for discovering information leakage such as passwords being leaked in clear text or when passwords are leaked by using some of the many Oracle dump commands - I talked about this in a post I made to a mailing list a long time ago - A link is available to the post "Revealing clear text passwords from the SGA" on my Oracle security white papers page. I am also interested in trace for forensics and audit work. I wrote a detailed paper some time back called "many ways to set Oracle trace for your session, others sessions and at instance level" - This paper details many ways to set trace for your own sessions or others and at different levels. In Marks post I was particularly interested in the paper Mark quotes - (broken link) Wait Event Enhancements in Oracle 10g written by Terry Sutton and Roger Schrag of Database Specialists, Inc. This is a good very detailed paper and worth reading. Mark's post is also worth a look as it suggests an earlier paper - (broken link) Interpreting Wait Events to Boost System Performance and also Mark suggests some other good links on the same subject at the end of his post.