I just came across the recent news story by Clint Boulton titled "Oracle Locks Up 'Federated' App Server" describes the fact that Oracle has just debuted their new security developer tools that allow a user to grant or deny access to information held on computers.
This is an interesting news item that tells us that
"The tools let corporations offer partners and customers access to their internal applications, while keeping them out of files and other information they don't want to share."
"The suite of tools, based on specifications written by the OASIS SAML (define) and the Liberty Alliance Project, has been designed to craft applications that run on Oracle Application Server 10g Release 2, launched earlier this year."
The tools are based on federated identity where policies define whether users can access data or not. The access to the data is granted via passwords or / and other credentials. These new tools are needed to weave security into the Service Oriented Architectures (SOA) Oracle and its rivals are pushing. The tools are part of the Oracle Fusion Middleware brand.
Blog
Pete Finnigan's Oracle Security Weblog
This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
[Previous entry: "Alex's SQL Injection advisory is available in German"] [Next entry: "Google has added a great blog search tool"]
September 2005
- 0rm's Oracle password cracker orabf has been updated - 09/01/2005 by 09/01/2005
- CPU July 2005 patch set for Application Server Windows 9.0.2.3 has a problem - 09/03/2005 by 09/03/2005
- Security firm considers changing its policy on public disclosure of security vulnerabilities - 09/04/2005 by 09/04/2005
- Wifred notes that Patch 9.0.4.2.0 has a bug in Oracle forms - 09/05/2005 by 09/05/2005
- archivelog mode - or not? - 09/06/2005 by 09/06/2005
- jDUL / DUDE (Database Unloading by Data Extraction) - an alternative to DUL - 09/07/2005 by 09/07/2005
- Nice paper by KK Mookhey and Nilesh Burghate - Detection of SQL Injection and Cross-site Scripting Attacks - 09/09/2005 by 09/09/2005
- Amis talks about the need to remove USER from PL/SQL and SQL code - 09/12/2005 by 09/12/2005
- A small correction to a post about DBMS_SYSTEM.KSDDDT - 09/13/2005 by 09/13/2005
- Alex has released details about a common SQL Injection vulnerability in Oracle reports - 09/14/2005 by 09/14/2005
- Oracle Locks Up 'Federated' App Server - 09/15/2005 by 09/15/2005
- On Security, Is Oracle the Next Microsoft? - 09/17/2005 by 09/17/2005
- Some testing of orabf (Oracle password cracker) speed by Marcel-Jan - 09/19/2005 by 09/19/2005
- Oracle Proxy Users - 09/21/2005 by 09/21/2005
- Meet the experts (Oracle Security) at Oracle Open World - an open standard for securing Oracle - 09/24/2005 by 09/24/2005
- A new paper on a security hole in Application Server Control - 09/25/2005 by 09/25/2005
- Another Larry news article on security from OOW - 09/26/2005 by 09/26/2005
- Quite a nice post about debugging with DBMS_DEBUG - 09/27/2005 by 09/27/2005
- More details on default failed_login_attempts - 09/29/2005 by 09/29/2005
- more failed_login_attempts! - 09/30/2005 by 09/30/2005
Archives
Syndication
Powered by gm-rss 2.0.0
