Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Conferences and Training Dates"] [Next entry: "Stopping a user from changing his own Oracle database password"]

Holidays, Patch re-releases and newsletters

We have been away for the past 8 or 9 days on a familly holiday so no blog posts over this last period. This holiday was strange, [Keep reading there is some Oracle security content coming!] OK not strange but interesting with some co-incidences.....We went to Northumberland and stayed near a town called Alnwich which I have not been to since I was a child; its around 130 miles from home so quite a distance.

One day we had been out and done stuff for our children and then ended up in Alnwich to go to buy some provisions from the supermarket. We had a leaflet for a shop called Barter-Books that is one of the biggest second hand book shops in the UK and as it was raining and also because my son likes trains we went to have a look as the shop is located in the old (closed) Victorian train station for Alnwich. I had a wander round with the baby and ran into an old friend from just over 30 years ago from my home town area, we had a good chat and all noted how it was strange co-incidence to meet all that distance from home. It was good as he also has contact with a school friend I have not seen for years and was trying to contact a year ago with no luck.

Then we left the book shop and walked back to the car park where we had left our car and then bumped into an ex-colleague from when I worked at Siemens Insight, he also didn't live in the area. Then on the next day we went to the beach at Bamburgh and then intended to get fish and chips for lunch at the town of Seahouses but we couldn't find anywhere to park so instead drove down the coast to Beadnall where I had seen a take-away fish and chip shop with parking and a grass area to sit down and eat. We went in and the person in front of us in the queue was Niel Chandler who was organising one of the UKOUG Sig's I talked at recently in London. All these co-incidences reminded me of when I was a child and my parents took us to France camping and we found out that the people in the tent next to us actually lived across the road from us back in England.

Whilst I was away Oracle have released an update notice for the July 2008 CPU (Critical Patch Update) for customers who have downloaded the patch for Windows Oracle databases on then the patch failed to install the sdotopo.jar file. The issue can be manually worked around by following these steps:

>cd %ORACLE_HOME%\md\lib
>copy sdotopo.jar sdotopo.jar_save
>cd files\md\lib
>copy sdotopo.jar %ORACLE_HOME%\md\lib\sdotopo.jar

The details are in Metalink note 579285.1 - Critical Patch Update July 2008 Database known Issues.

Finally I have been working on my companies / website newsletter. I have written a new newsletter for the first time in quite some time. There are a large number of subscribers and I have to be honest neglected them due to other work commitments and initially because I discovered blogging. I tried to send out the latest issue of the newsletter before we went away on holiday but it failed and I ran out of time. I got straight back onto this yesterday afternoon and tried to send it again. Apologies to anyone who has subscribed who may have actually received it more than once (I don't think that this is the case from talking with the ISP but I am unconvinced). I have had issues as more and more ISP's are now becoming spam concious and are stopping anything that looks like spam. This is actually annoying for legitimate businesses and the current trend seems to be driving people towards paying an ASP to send the emails for them. I want to avoid this if possible, not because I am a skinflint but because I simply don't want to host my subscriber list on any other site/ASP/IPS no matter how much they say they are genuine. I have tried and given up trying to send from my webserver as I have tried a number of packages and all are not reliable or need too much work to make them work properly. I then resorted to locally managed software on my PC. This also has failed (the attempt to send before my holidays and yesterday) - I now know why this is so. It is nothing to do with the software but again the ISP trying to prevent spam. After 45 minutes on the line to the help desk today I think I have a way forward. So another attempt to send out the newsletter will be made in a minute.

If anyone has any good comments on managing and dealing with ISP/ASP/Software etc around newsletters I would be interested to know.

I will say more about the newsletter soon; in terms of content, old issues, subscribing etc.