Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Some news stories about the josh oracle password paper"] [Next entry: "UKOUG tomorrow"]

Oracle Express - friend or foe?

I saw with great interest the post by Wim titled - (broken link) oracle express edition stating that a free version of Oracle has finally become available. Its called Oracle Express and is available from "" and there is a news item about it on - (broken link) Basically its a free database that is pre-linked and is quite small 180MB, native installers, free redistributable, some restrictions, can use for production (accounting for the restrictions). It comes with HTMLDB pre-installed. This looks like a fantastic idea and great for small businesses.

Its a cut down 10g R2 and is available for Windows and Linux. Sergio has also talked about it in a post titled " - (broken link) Oracle Database 10g Express Edition Comes With HTML DB Pre-configured. Sergio's post includes some useful links to a tutorial and a getting started guide. Niall's post titled "Expressing ones self" is interesting as it includes some screen shots of it installed and running and also discusses some of the restrictions and also a comparison to the new SQL Server Express product (also free).

Howard in his post "Expressly Cold" is not totally impressed and on the whole and thinks Oracle Express will be a distraction. Also the one thing that filled me with fear is the lines in the comments at the bottom of this post from the getting started guide that says " Ensure that both CONNECT and RESOURCE are enabled.". Finally Steve points out in his post "Free Oracle 10g Express Edition" that JDeveloper 10g is a great resource for Java / J2EE development and free on Oracle Express.

I will download it after UKOUG and have a proper look from a security perspective.