Call: +44 (0)7759 277220 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "0rm has updated orabf the Oracle password cracker"] [Next entry: "CPU July 2005 and CPU October 2005 have problems!!"]

Pete Finnigan is back after a week away from blogging!



I have spent the longest time away from Oracle security blogging since I started doing it in almost one and a half years. We have been away on holidays for a week and no computer access. We spent some time relaxing and seeing the sites in Vienna and also meeting up with some old friends. I did manage to spend a little time on Oracle security as I took with me David Knox's book. I have read this book a couple of years ago when it came out but i decided to give it a re-read whilst away. I like to mark up books with pen and pencil comments especially when its something I am very interested in - I made quite a lot of comments in my copy of the book. I won't go into great detail here with my marked up comments as that would not be a fair appraisal of the book. To be honest the first time I read it I was less impressed than I was this time. I will give some more comments over the next few days as they relate to my current thinkings on a few areas of Oracle security that I am going to explore and try and work on...:-)

One point or example that I had forgotten about in this book is Davidís short examples on revoking PUBLIC privileges. I liked these examples that explain quite well how to revoke PUBLIC privilegess from views and procedures/functions. I will go over these examples and expand in the next few days as I believe one of the big problems with Oracle installations is the PUBLIC privileges. If there were much less of these then a lot of the bugs/vulnerabilities found would be much much less significant.

more later.....