Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "orablogs is back"] [Next entry: "Some spiffy new security bits in 10g Release 2"]

10g Release 2 allows deletion of datafiles

I saw a post on Niall's blog last night about the new ability to drop datafiles in the new Oracle 10g Release 2. This is a great new addition. How many times do you see seemingly extra database, indeed how many times have you done it yourself! - created one that is. Niall's post is titled "a cure for idiocy". This feature should mean that file system layouts are not spoiled from a designed layout. An extra datafile added by accident could be a very slim security hazard because they could end up not being secured properly and be readable or even writable by world. This may not seem to be an issue but any datafile that is writable could be used to exploit a database by crashing it. This feature is an interesting addition.