Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "The hacker resistant database"] [Next entry: "The Patch Impasse: Front line perspectives from enterprise IT"]

An excellent post by Lucas about object chnages and RSS feeds

This is like heaven for me, a post about my favourite subjects together. I obviously mean Oracle security in the sense of object changes and I also mean the discussion of RSS feeds. I am also interested by website development and RSS, XML-RPC amongst othre things. I have just last week set up a perl script to automatically ping weblog directories from Greymatter.

Lucas has posted a very interesting paper on the Amis blog titled "Publishing Data Manipulation as an RSS Feed - using Oracle MOD_PLSQL and Flashback" that describes how the Oracle HTTP server, mod_plsql and PL/SQL can be used to generate an RSS feed of changes that have occured in the database.

This is quite an interesting idea and one that sounds quite useful to get the data where it is needed quickly. Having alerts sent straight to a newsreader is a good idea in principle. There are issues of course such as the need to have a HTTP server in the database and the security of the feed itself in terms of data leakage and also potential for alteration.

I talked about a similar subject when i worked at Pentest, that is the useof timestamps to detect changes in database structure. The paper was called "Have your objects been tampered with?"