Call: +44 (0)1904 557620 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Bell Labs Dept 1127 has finally gone"] [Next entry: "Alex Kornbrusts Black Hat presentation on reverse engineering Oracles encryption packages"]

Doug talks again about ? and catpatch.sql



I saw an interesting post this evening on Doug's blog titled http://oracledoug.blogspot.com/2005/08/more-on-and-catpatchsql.html - (broken link) More on ? and catpatch.sql. This follows on from Doug's previous post " http://oracledoug.blogspot.com/2005/08/shortcut-for-oraclehome.html - (broken link) ? shortcut in sqlplus and my comments in "Some good tips on Dougs blog?".

Doug has been digging through various installations both at home and at work looking for examples of the "?" short cut for ORACLE_HOME in Oracle's scripts. It took some finding but he eventually found one example in catpatch.sql. The fact that he had great trouble finding an example perhaps emphasises the issues discussed before that running a script from a remote client that also has Oracle installed would result in the remote version of the script being run rather than the local one. This could be a serious issue. The fact that Doug found his only example in catpatch.sql is also a worry considering the recent issues with installing patches.