I have spent the longest time away from Oracle security blogging in the almost one and a half years since I started doing it. We have been away on holidays for a week with no computer access. We spent some time relaxing and seeing the sights in Vienna and also meeting up with some old friends. I did manage to spend a little time on Oracle security as I took David Knox's book with me. I read this book a couple of years ago when it came out, but I decided to give it a re-read whilst away. I like to mark up books with pen and pencil comments, especially when it's something I am very interested in - I made quite a lot of comments in my copy of the book. I won't go into great detail here with my marked-up comments as that would not be a fair appraisal of the book. To be honest, the first time I read it I was less impressed than I was this time. I will give some more comments over the next few days as they relate to my current thinking on a few areas of Oracle security that I am going to explore and try and work on...:-)
One point or example that I had forgotten about in this book is David's short examples on revoking PUBLIC privileges. I liked these examples, which explain quite well how to revoke PUBLIC privileges from views and procedures/functions. I will go over these examples and expand on them in the next few days, as I believe one of the big problems with Oracle installations is the PUBLIC privileges. If there were far fewer of these, a lot of the bugs/vulnerabilities found would be much, much less significant.