[Previous entry: "A new SQL Injection protection PL/SQL package"] [Next entry: "Oracle Database Buffer overflow vulnerability in procedure DBMS_AQADM_SYS.DBLINK_INFO"]
New presentation on Database Vault faults
October 29th, 2007 by Pete
Post to del.icio.us
Post to Furl
Joxean Koret has today released a presentation titled Oracle Database Vault: Design Failures that explores some of the issues with database vault. Joxean points out that there are many ways to bypass database vault via the OS, trojanned libraries / DLL's and binaries and also he talks about the lack of segregation at the OS level, particularly that the database software and also the database vault software all run as the same operating system user. Some interesting thoughts on this product!
