Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Niall says Oracle 10gR2 should be out on June 30 - for Linux"] [Next entry: "10g Release 2 PL/SQL and SQL new features"]

A security issue with OPR version 1.1.7

Jasper and Jan-Marten Spit have just emailed me to say that they have removed the new version 1.1.7 from They ran into a serious security issue that they found after reading the article I posted to my blog titled "Installing Oracle Password Repository (OPR) - a walk through" which was sent to me by Mike Thomas and describes an installation session of OPR. Jasper and Jan-Marten felt the issue serious enough to pull 1.1.7 and they tell me that a new version 1.1.8 will be made available very soon - I will let you know here when it is out. I think this is a very responsible attitude to security of their software.