
Pete Finnigan's Oracle security weblog


How not to create user authentication

August 31st, 2006 by Pete

I saw a post on the LogicaCMG blog - Blogging about Oracle a few days ago and made a note to talk about it here. This post is titled "How to create a nice big security leak…" and is interesting to me for two reasons. The first is that the guys decided to try and break their own applications to test their own security. This is great; everyone should start to think about doing these sorts of tests (with permission of course). This shows that people are realising that application and database security is as important as the old bastions of security such as firewalls, virus protection...

The second reason I was interested was because of the problem which these guys found. The code was written to be functional, i.e. to perform a function without thinking about how it could be abused. Anyone who writes applications nowadays, especially applications connected to the Intranet or Internet, and even more especially if they use databases, needs to think security first. Why if they use databases? Well, because there is now a trend to steal data from databases. Whereas the old security issues seemed to center around the fact that some spotty kid in their bedroom would dial up and hack your servers, the world has moved on; data is big business now.


This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
