Call: +44 (0)1904 557620 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "A live file system Linux floppy disk rescue system"] [Next entry: "Ed had an interesting post yesterday about $ tables, DBA views and x$ tables"]

A good list of Oracle security check items



This mornings newsletter from DBA Village included in the news item section an entry http://www.dba-village.com/dba/village/dvp_links.LinkDetail?LinkIdA=1254 - (broken link) Oracle Security Checks. This looked like a subject that would interest me so I went to have a look.

If you go to the link yourself you will need a free registration on the DBA Village web site first before you can access it. The link actually referenced the policy pages on Application Security Inc's website. The poster said there are 1000 links there with Oracle security checks on them. This is not actually true as you will see, I added a note to the tip on DBA Village as some of these policy pages are for other products made available by Application Security Inc, such as their Domino tool or SQL Server tool. Some are for Oracle of course.

The poster also noted that there is no index page for all the checks/policies. I did a quick surf myself and did not find one. That doesn't mean there is not one :). Also there are holes in the sequence as i did a couple of random checks. The pages listed are of the form https://www.appsecinc.com/Policy/PolicyCheck1.html - (broken link) https://www.appsecinc.com/Policy/PolicyCheck1.html to https://www.appsecinc.com/Policy/PolicyCheck1000.html - (broken link) https://www.appsecinc.com/Policy/PolicyCheck1000.html according to the poster. I also did a quick search on google and found a similar page https://www.appsecinc.com/Policy/PolicyCheck2525.html.

Despite the fact that these pages are not indexed this is a great resource for Oracle security information.

There has been 2 Comments posted on this article


November 30th, 2004 at 06:10 pm

Pete Finnigan says:

Here is an index for the page:

http://www.appsecinc.com/cgi-bin/show_policy_list.pl?app_type=2&category=6

This allows you to manuever the checks.



December 1st, 2004 at 11:02 am

Pete Finnigan says:

Hi Aaron,

Thanks very much for this link, it will be very useful.

cheers

Pete