Call: +44 (0)1904 557620 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Colin tells us the WS-Security Jars are not available with the developers release"] [Next entry: "Auditing the SQL a black box application submits to the database"]

Mary Ann Davidson held a guru chat session at OOW



I just saw a post by justin kestelyn to the OTN at open world blog that talks about Mary Ann Davidsons guru chat at Oracle Open World today. Justin tells us that the room was standing room only and quite informative.

Mary Ann talked about the reasons for the choice of quarterly patch schedule and then took a series of questions from the floor, predictably the main subject being the problems of patching. Justin makes a great point that the OEM team need to carefully consider a more robust and proper patch management tool in future. I have said this before as well. What we need is a tool that can detect which patches (exactly which patches) have been applied; it should allow multiple patches to be applied on top of each other (or not) and reversed if needed. It should even also be capable of remotely pushing out patches to large numbers of databases across the network (ideally without stopping them - Is that asking too much??) - And i don't mean remotely from an Oracle website in the same manner as Windows OS patches.