Call: +44 (0)7759 277220 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Oracle security presentations"] [Next entry: "Security analysis of the JInitiator buffer overflows"]

Make Oracle PCI compliant



Damon sent me a good link to an 11g Oracle security paper on Oracle's web site that is worth mentioning here. The paper is titled "Oracle Database Security and the Payment Card Industry Data Security Standard" and is not a bad paper in terms of listing the PCI requirements and trying to relate them to the Oracle features that could be used to satisfy the requirement. This section is very "add-on" centric, such as recommending Oracle Database Vault and Oracle Audit Vault and Oracle Advanced Security Option and more. A lot of Oracle customers dealing with PCI probably would not have these addtions enabled. The paper would have been better if it offered "free" -in terms of the solution being available in your normal license - solutions instead or at least as alternatives. That said the paper is not bad as it gives anyone dealing with credit cards and PCI compliance with an Oracle database a head start.