Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "An Appreciation of Auditing and Securing Oracle"] [Next entry: "Logging Errors in SQL*Plus"]

User Least Privilege in the Oracle Database

I have just posted my MS PPT slides for the first time to my website for a talk I did at the UKOUG conference in Liverpool in 2018. These slides are available for the talk UserLeast Privilege and I have also updated our Oracle Security White papers page with a link to these new slides.

This was a talk I did at the UKOUG conference in December 2018 held in Liverpool. This was a good conference and I gave this talk about least rights for users in the Oracle database. The talk starts off by looking at the layers that need to be considered when securing an Oracle database. We then talk about least privileges, what it is and how its hard to achieve in an Oracle database. We talked about the different types of actors involved and also at a high level how the database works and how data moves and is processed by Oracle (at a high level). We then demonstrated some tools to gather all of the existing granted rights in the database.

We then did a demo of hacking my sample database and also listed all of the issues we located or that contributed to this hack. There are many layers of problems but least privilege is the main one so we choose to fix this in my sample application and then show how it worked and reduced the extend of the attacks to nearly zero.

I finish by talking about the different types of privilege and how they affect the security of data

Please have a look at the MS PPT slides; they are newly posted to my site, for more details.

#oracleace #oracle #user #least #privilege