Call: +44 (0)7759 277220 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Alex Kornbrust has a new paper on google hacking and Oracle"] [Next entry: "O'Reilly CodeZoo"]

An interesting post by Mark

I was browsing Orablogs this evening and saw an interesting post by Mark Rittman titled "Tom Kyte : "In Search Of The Truth"" mostly quoting from a post by Tom on his site titled "In Search of the Truth - Or Correlation Is Not The Same As Causation". I have skimmed through Toms post and mostly its about the ongoing discussion between him, Don, Mike and Jonathan.

I was particularly taken by Marks post though as he has pulled some great sections from Toms post that gives some good advice to anyone looking at Oracle and wanting to state some fact about it. Proof and testing is a great leveller (not always, though as the circumstances of the test case can matter) in understanding and also in stating advice on something. These sentiments can be applied to Oracle security, especially Oracle security. If you think something is insecure in the configuration of your database then test the scenario and prove the case to be insecure. I try to use example code whenever necessary in my writings as an example should always prove the case to be true or not and aid understanding.

Read Marks post and Toms as they give good advice to anyone wanting to test a theory (mostly the original posts made by Tom et al is to do with tuning but the sentiments are valid in any endeavour).