I have spent the longest time away from Oracle security blogging since I started doing it in almost one and a half years. We have been away on holidays for a week and no computer access. We spent some time relaxing and seeing the sites in Vienna and also meeting up with some old friends. I did manage to spend a little time on Oracle security as I took with me David Knox's book. I have read this book a couple of years ago when it came out but i decided to give it a re-read whilst away. I like to mark up books with pen and pencil comments especially when its something I am very interested in - I made quite a lot of comments in my copy of the book. I won't go into great detail here with my marked up comments as that would not be a fair appraisal of the book. To be honest the first time I read it I was less impressed than I was this time. I will give some more comments over the next few days as they relate to my current thinkings on a few areas of Oracle security that I am going to explore and try and work on...:-)
One point or example that I had forgotten about in this book is David’s short examples on revoking PUBLIC privileges. I liked these examples that explain quite well how to revoke PUBLIC privilegess from views and procedures/functions. I will go over these examples and expand in the next few days as I believe one of the big problems with Oracle installations is the PUBLIC privileges. If there were much less of these then a lot of the bugs/vulnerabilities found would be much much less significant.
more later.....
Blog
Pete Finnigan's Oracle Security Weblog
This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
[Previous entry: "0rm has updated orabf the Oracle password cracker"] [Next entry: "CPU July 2005 and CPU October 2005 have problems!!"]
December 2005
- Pete Finnigan is back after a week away from blogging! - 12/03/2005 by 12/03/2005
- A sample package to manipulate LDAP - 12/04/2005 by 12/04/2005
- Oracle security checklist - 12/05/2005 by 12/05/2005
- Bugs - 12/06/2005 by 12/06/2005
- I am presenting at the DBMS SIG in Melton Mowbray about Oracle security - 12/07/2005 by 12/07/2005
- DBMS SIG conference today - A security focus - 12/08/2005 by 12/08/2005
- Good overview of SOA security - 12/09/2005 by 12/09/2005
- Arup's new book and some networking - 12/10/2005 by 12/10/2005
- A useful perl script to check for listener password brute force attempts - 12/11/2005 by 12/11/2005
- Integration Promises Still Haunting Oracle - 12/14/2005 by 12/14/2005
- The possible complexity level of Oracle database passwords is in question - 12/15/2005 by 12/15/2005
- Another way to monitor the listener log for brute force attacks - 12/16/2005 by 12/16/2005
- A new book "Cryptography in the Database: The Last Line of Defense" - 12/17/2005 by 12/17/2005
- Some more thoughts on the weakness of Oracle database passwords - 12/20/2005 by 12/20/2005
- Mary Ann Davidson announces that Fortify software will be used to find security holes in Oracle software - 12/21/2005 by 12/21/2005
- standalone discoverer clients now sso compliant for E-Business Suite users - 12/22/2005 by 12/22/2005
- A very happy christmas to everyone - 12/24/2005 by 12/24/2005
- State of the nation: referral spam, comments, content management, dedicated hosting and more - 12/29/2005 by 12/29/2005
- Spammers again... - 12/30/2005 by 12/30/2005
- More detailed analysis of the new Oracle worm - 12/31/2005 by 12/31/2005
Archives
Syndication
Powered by gm-rss 2.0.0
