Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

New presentation on Database Vault faults

Joxean Koret has today released a presentation titled "Oracle Database Vault: Design Failures" that explores some of the issues with Database Vault. Joxean points out that there are many ways to bypass Database Vault via the OS, trojanned libraries / DLLs and binaries. He also talks about the lack of segregation at the OS level, particularly that the database software and the Database Vault software all run as the same operating system user. Some interesting thoughts on this product!