Call: +44 (0)7759 277220 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Oracle security conferences, illness and ...."] [Next entry: "Oracle Defending Against SQL Injection Tutorial"]

A hint of Oracle's coding standards



I saw Mary Ann's interestingly titled post "Lies, Damn Lies, and Statistics" and had a read. The interesting part for me was the short discussion of the genesis and development around the Oracle secure coding standards that currently sits at 300 pages and has driven training classes and more. Its unclear what languages this is for, mostly C and PL/SQL I would guess. As a lot of customers code customisations for Oracle Applications, APEX and the Forms and Reports products and also write their own applications with PL/SQL, OCI and Pro*C and more it would be good if these standards could be accessed and used by all customers. Afterall Mary Ann states in the post that third party aquisitions are brought into line with these standards. If these are the standards defined by the vendor we would all like to get to the same level and also help improve them for the benefit of all.

There has been 2 Comments posted on this article


February 13th, 2008 at 10:52 pm

Pete Finnigan says:

Interesting information in Lutz's blog:
http://sysdba.wordpress.com/2008/02/09/tutorial-against-sql-injection/



February 14th, 2008 at 11:15 am

Pete Finnigan says:

Thanks for the link Kris (and Lutz!). cheers

Pete