Call: +44 (0)7759 277220 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Security is the password"] [Next entry: "Fataler Fehlalarm bei McAfee VirusScan"]

A site move (not far!) and some planned improvements and changes coming

I have been thinking about changing some of the features of my site for quite sometime now and even mentioned some of them here in this blog before, particularly to do with CMS's and spam prevention. Now I have finally gone ahead with looking into some of the issues and improvements and starting on the implementations. I want to talk breifly about some of the changes I have planned and also request for some help.

Update Frequency

Due to various committments and being very busy of late I have not had much time to write detailed blog entries for some weeks now but I managed to keep my blog going by highlighting some of the key news events that have been going on in the Oracle security world. More on improving this later in this entry. This will hopefully change over the coming weeks as I want to try and get back to some examples, some good content, some tools and some examples.


I have been using shared hosting for quite a few years now for and have been frustrated recently by some of the hindrances. These are mainly around fighting spam and particularly referral spam. I was not able to use mod_rewrite for instance or have access to firewall facilities, either harware or software (ipchains) and my site has been down a few times recently due to issues mostly with other peoples sites on the same server. I have been thinking about the size of my site andhow that fitted with the space allocations available at my ISP. I have some plans to increase the usefulness of my site and that it turn means needing more space.

Therefore I spent some time a few weeks ago listing out over 30 companies / ISP's here in the UK that provide dedicated servers. i found out costs per month, disk space, RAM, speed, other featutres etc and listed them all on a peice of A4 in a table to see if I could spot who hd the best deals. I did not include my current ISP (UK Linux) as they did not actively promote dedicated servers but i asked them if they could do it and costs etc and was pleasantly surporised at how competitive they are. There are a small number of very cheap servers available by the way but I was not convinced by these for other reasons, my ISP is very competitive so I have decided to stay with them. I have been happy with their good service for a few years now.


I am planning to have some new features on my site and also some features that are less obvious (i.e. they help me!). I have talked before about the limitations of Greymatter and in a couple of weeks once the dedicated server is up and running I will most likely move to Wordpress. This is for a number of reasons. The most important being its more modern and has features like draft posts, categories and comment management. I really want to open up comments again on this blog.

I am not sure about how to migrate to the new blog software. There are facilities to import greymatter entries but i am not convinced about how that would work with SEO issues. I may take the "Mark Rittman" route and simply leave the old posts in place and start afresh. The main page would occupy the same URL (although I need to look at how that works with a .php main page instaed of my static .html page now) and the feed would need to stay the same. The rest would be new URL's and the old greymatter posts would stay where they are.

I have been thinking about admin and CMS's. I have spent a lot of time readning about CMS systems and I am not convinced. I think I will most likely stay with my ramshackle home grown admin page and functions for now. I would like to make the rest of the site (non blog, news, forum) template based and i have been reading around the Perl template library for this. The main driver for this would be to add to other pages more easily without editing raw HTML in UltraEdit. Things like my papers page, alerts, whatsnew etc. I may start simple and build an admin page for each main section and then try and template it.

I have also had a wiki installed on this site for almost one year but I have never made it available to the public yet. I have planned out exactly what is going to be in this and done some basic work on setting it up bit not enough to make it public yet. More on this soon.


I had a public stats page for over one year using webalizer to generate them but took it down a couple of months ago because of spam. Statistics and web measurement are an area I have been quite interested in. I added a web based one recently for a few weeks on a section of my sites pages (you may have noticed it) just to see how it works and what it can do. I think a combination of the page based stats and access_log's are needed to understand websites more. I probably wont make my stats public again because of the referral spam problems but it is an area I am very interested in. I have been playing with writing my own page based stats collection using Javascript and I plan to develop this further over the coming months - really just for interest and learning more about how websites work and are used.

Other sites

I have some other sites attached to this one, that unfortunately have not had much attention from me over the last 6 months or so. I plan to change this. Having an integrated blog package such as Wordpress that allows categories and other features will help me to update these sites more easily. Also when I get some sort of simple CMS up and running it will be easier to add content without tedious coding. The SQL Server security and mySQL security sites will hopefully get some of my attention as I am keen to learn something more about the security of these databases as well as Oracle and to apply some of the lessons I have learned with Oracle to those databases. Hopefully I will get time to add to my other sites as well from time to time.


I am also planning to spend some time to make my site a bit more compliant by changing the layout to CSS based rather than tables and also by cleaning up the HTML/CSS code. i have been looking at quite a few editors recently, more of that later. The basic styling will remain the same, simple design but my main trust i suppose is to make updating the site quicker and easier.


One of my other main reasons to got to Wordpress is the fact that it has a translation plug in available. I am pretty excited by this feature and thought it is one major reason to use the software. I know quite a lot of non-English speakers read my blog and it would be great to offer it in other languages as well. I also purchased some software to run on my PC to translate other blocks of text and I plan to translate as much of the static pages with that software as well. I cannot guarantee how good the translations are but its probably better than not having native languages for some people.


Some of you may have noticed that I advertise a newsletter and have written one entry almost three years ago. I have a lot of subscribers and basically have not had time to write a newsletter. This will also change. I plan to at least generate a simple regular newsletter that will include key forum posts, wiki posts, blogs and other major site changes. I have been playing with some software for this. In time I hope to actually write for the newsletter as well.

Help needed, call for papers, blog authors, blog hosting

Here is the help section. I read huge amounts on the net almost every day and search out new papers and news on Oracle security. I write a lot myself, either as part of this site or that doesnt get published. I thought it would be nice if people wrote anything about Oracle security that they might like to publish it here. I cannot pay anyone, I run this site in my own time but its non commercial and in fact it costs me money to host and run the site but if anyone would like to be published here I would be happy to post papers here. email me on pete_at_petefinnigan_dot_com if you have any papers you would like posting.

I was also thinking about Oracle security and blogging and was inspired by sites like Amis and Oracle WTF where there are a number of authors and wondered if anyone was interested to write guest blog entries, regular or sproadic or even one off here about Oracle security. Again if you are interested drop me an email at pete_at_petefinnigan_dot_com.

On the same lines if anyone would like to write any entries in other langauges - Russian, German or any other langauge then again please let me know, this would be useful.

Again on the same lines if anyone would like their own blog hosted here to talk about Oracle security, Oracle, SQL Server security, mySQL security. Oracle E-Business Suite or security, SAP.... then please drop me an email as well, i would be happy to host a blog for anyone.

Finally if anyone would like to moderate a foreign language forum on my forum particularly about Oracle security in any language then please also drop me a line and I can set it up.

I have ran this site alone for a long time and never really thought about it as a community project until recently. I know this site is useful to a lot of people. I can see this from the stacks of email i receive so I wondered if asking for help, contributions or whatever would also be great for the community at large.

OK, that's it for my summary of news and happenings on this site for today.