
Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.


A portal exploit or security advice

I saw a very nice post on the IT-Eye blog tonight titled "How to prevent Oracle Portal edit mode", which describes how it's possible, in most Portal implementations that have not been secured, to access the edit mode. This is a security problem for Portal. The post goes on to show mod_rewrite rules to block any URL with &_mode=16 added to it, and even how to redirect to an error page. Nice post and info.
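
A complementary check, added here as an example and not taken from this post or the IT-Eye post: once a rule blocking `_mode=16` is deployed, scanning the web server access log shows which edit-mode requests were still served rather than blocked or redirected. The log lines, client addresses, paths and the other parameter names are constructed sample data, and the Apache combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /portal/page?_pageid=33 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2024:10:01:12 +0000] "GET /portal/page?_pageid=33&_mode=16 HTTP/1.1" 200 9311 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2024:10:02:30 +0000] "GET /portal/page?_pageid=34&_mode=16 HTTP/1.1" 403 210 "-" "Mozilla/5.0"
192.0.2.77 - - [01/Jan/2024:10:03:45 +0000] "GET /portal/page?_pageid=16&_mode=3 HTTP/1.1" 200 4800 "-" "Mozilla/5.0"
"""

# client, request target and status code from one combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')


def find_edit_mode_requests(log_text):
    """Return (client, status, target) for every request carrying _mode=16."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        # Parse the query string so only the _mode parameter itself is
        # compared; a 16 in another parameter (e.g. _pageid=16) is ignored.
        params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
        if any(name == "_mode" and value == "16" for name, value in params):
            hits.append((client, status, target))
    return hits


def served(hits):
    """Edit-mode requests answered with 2xx, i.e. not blocked or redirected."""
    return [h for h in hits if 200 <= h[1] < 300]


if __name__ == "__main__":
    all_hits = find_edit_mode_requests(SAMPLE_LOG)
    for client, status, target in all_hits:
        state = "SERVED" if 200 <= status < 300 else "blocked/redirected"
        print(f"{client} {status} {state} {target}")
    print(f"{len(served(all_hits))} edit-mode request(s) were not stopped")
```

Any request reported as served after the rules are in place points at a virtual host or path the rules do not cover.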