Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Oracle simplifies SOAs"] [Next entry: "A good page describing Oradebug"]

Some good tips on Dougs blog?

I saw this evening a good post on Doug Burns blog titled " - (broken link) A shortcut for ORACLE_HOME - Doug shows us how to use the "?" as a substitute for the ORACLE_HOME environment variable saving the need to type complete paths in when running scripts from the Oracle installation. Jeff Hunter piped in with a comment that you need to be careful to not run scripts from a local Oracle Home if you are accessing the database remotely.

This is an interesting point from Doug and Jeff. Short cuts are great for saving time but can also cause heartache if errors like those indicated here occur. This, you might say is not a security issue but it becomes one if the database is trashed by running the wrong scripts. Security should also include the possibilities of errors occurring, either on purpose or maliciously or carelessly. It can become a security issue because it was possible to cause damage whether on purpose or not. This is an issue of privilege level and least privilege principles. The fact still stands though that it is a good time saving tip!