
Pete Finnigan's Oracle security weblog



Oracle Express - will we get security patches? - I truly hope so

November 2nd, 2005 by Pete


I attended Tom Kyte's keynote last night at the UKOUG and, like everyone there, was interested to learn as much as I could about Oracle Express edition, the new free cut-down version of Oracle 10gR2 leaked on blogs last week and officially announced last night by Tom. Tom's speech was excellent, mostly due to showing my web site and blog posting on this subject on the big screen at the beginning, along with some other bloggers' sites. Only kidding Tom, the speech was great; a free version of Oracle is the best news.

At the end of Tom's speech I asked a question: "Will we get critical security patches for Oracle?". Tom's answer was that "off the record" he is pushing for it but it's not decided internally. In fact he told me to blog about the issue here! I pointed out after Tom's answer that XE is likely to become very widely deployed on people's desktop PCs, websites and many more. This, with the explosion of broadband usage, effectively means more Oracle databases will be exposed to the world wild web. I pointed out that as the number of Oracle instances grows, the likelihood of a Slammer-type worm grows. In fact I talked here yesterday about someone releasing a concept code for an Oracle worm on the full disclosure list. Whilst this worm did not do much, a real one could follow, brought on by wide deployment.

In security terms the attack surface will increase. For people who know, a lack of patches can be worked around by not exposing the database, but most people will download it or get it as part of another application, will not be aware, and could expose the software. If critical bugs are found and become publicly known, everyone who downloads or deploys XE deserves recourse to security patches. Ideally XE would be included in the CPU updates and patches made available not via MetaLink.

Please Oracle, give us free access to security patches for XE!!


This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
