Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Oracle security checklist"] [Next entry: "Oracle PL/SQL for DBA's"]


I saw yesterday Eddie's post titled "Ten Worst Software Bugs" and went for a look with interest. Eddie has listed some of the supposed worst software bugs ever including the original real bug found in a relay in 1945 with a photo of the actual bug taped to a log. Why am I interested in this post? - Because security issues in Oracle fall into two broad camps. Actual bugs that are exploitable for security advantages i.e. an escalation or privileges and the second camp is the configuration issues such as allowing access to the data dictionary so that anyone can select password hashes and then crack passwords. This post by Eddie reminded me of the book Expert C Programming by Peter Van Der Linden that also includes a section about bugs in software. It included the same mariner bug that Eddie quoted. I liked this book very much, in fact this is in my view one the best C programming books I have ever read and I have read and actually own quite a lot of them over the years.