Call: +44 (0)7759 277220 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Pete Finnigan's InfoSec 2006 paper How to Secure Oracle in 20 Minutes"] [Next entry: "Hacking and hardening Oracle Express Edition - UKOUG 2006"]

Oracle XE, where are the security patches?

At the UKOUG in 2005 Tom Kyte announced the arrival of the free Oracle Express Edition and after his talk I asked the first question, "what about security patches". He answered and after some time we did get a first patch. But that was it. Oracle XE is a great idea, a really free version of Oracle, that can be put to good use. BUT its not a good idea to expose it to the internet even via a web based application because of the bugs and the simple fact that there are no security patches available. Why not? - Tom said to me just after his keynote this year, "I didn't see you in there to ask a question?" - I travelled down by train and arrived half way through Tom's presentation and felt it rude to come in half way. Maybe I should have gone into Tom's presentation and asked about XE security patches, it worked last time.:-)