Call: +44 (0)1904 557620 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Frank has a nice post about improvements to web application security"] [Next entry: "PeteFinnigan.com newsletter will be re-launched soon"]

Amis blog talks about SQuirrel - an open source database tool



I saw last week some time an entry in the Amis blog written by Alex Nuijten entitled "Oracle Open Source : SQuirrel" - As I am always interested in tools, debuggers, compilers, internals and the like I took a look at this entry.

In the world of Oracle security you cannot simply focus on parameter settings and privileges granted and default users passwords you need to understand the technology, how it works, how it’s installed and also how to delve deeper into it and finally how to efficiently access the database structures and data. To perform Oracle security audits I use a set of custom written SQL and PL/SQL and shell scripts that gather a huge amount of data about the database, the operating system, the software installation and networking applied to Oracle. These scripts give me a good overview of the security state of a database and its accompanied software installation.

Even though I use command line tools almost exclusively I also need to do manual checks and analysis based on what my scripts gather in the first sweep. I am therefore always interested in any tools to analyse the database particularly free ones like this.

This tool is written in Java and allows browsing of database structure, users, privileges etc. Its not as sophisticated as TOAD but then again its free and has ongoing development so could undoubtedly catch up. The SQuirrel too is available here.