[Previous entry: "Pete Finnigan's InfoSec 2006 paper How to Secure Oracle in 20 Minutes"] [Next entry: "Hacking and hardening Oracle Express Edition - UKOUG 2006"]
Oracle XE, where are the security patches?
December 12th, 2006 by Pete
Post to del.icio.us
Post to Furl
At the UKOUG in 2005 Tom Kyte announced the arrival of the free Oracle Express Edition and after his talk I asked the first question, "what about security patches". He answered and after some time we did get a first patch. But that was it. Oracle XE is a great idea, a really free version of Oracle, that can be put to good use. BUT its not a good idea to expose it to the internet even via a web based application because of the bugs and the simple fact that there are no security patches available. Why not? - Tom said to me just after his keynote this year, "I didn't see you in there to ask a question?" - I travelled down by train and arrived half way through Tom's presentation and felt it rude to come in half way. Maybe I should have gone into Tom's presentation and asked about XE security patches, it worked last time.:-)
