Call: +44 (0)7759 277220 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "BlackHat Last week"] [Next entry: "How to Unwrap PL/SQL BlackHat las vegas 2006 presentation slides are available"]

Tom has an interesting post on Security via obscurity



I spotted a nice post on Tom's blog today that was posted a couple of days ago. Toms post is titled "Security via obscurity..." and it talks about an email sent to Tom about his AskTom site displaying schema details when it errors. Tom points out that his site is not vulnerable to SQL Injection as he uses binds for all dynamic SQL and does not concatenate. This is an interesting post around SQL injection issues and security in general, particlularly the issues around defence in depth and security through obscurity.