Call: +44 (0)7759 277220 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "A new improved version of the woraauthbf Oracle password cracker is available"] [Next entry: "July 2008 Critical Patch Update is out - a remote un-authenticated exploit revealed"]

Archive and purge in a security context presentation slides available

I am on the train whizzing back to York at around 120mph after being down in sunny London all day at the UKOUG Archive and purge special event conference. I was presenting there on the subject of archive and purge in a security context. The event was at the Radission SAS Portman in Portman Square just off Oxford street and was well attended. I had some good chats with people there on a wide range of Oracle security subjects.

It is interesting to take note that there is an ever increasing interest in Oracle database security and that people are becoming more aware of the risks to data day by day, event by event. This is good, the message is getting through and people are starting work on securing data at its source, in the database. More on this tomorrow, I have a half written post developed on the back of a forum post about the movement in interest in Oracle security.

My presentation was a new one for this event and the slides can be downloaded from my Oracle security white papers page. It is the top entry (obviously now, if you are reading this some time later then scroll down a bit and search for it). There are two versions as usual, the full one slide per page and the smaller (to download) 6 slides per page version.

This was a very interesting subject for me and I wanted to get across two important messages. These are:

  • Consider archiving and purging of security data such as audit trails and logs

  • Consider the security of archived business data (and also security data)

These are important for me as they fall into a class of issue I see more and more. That is the fact that often when there is security of specific data implemented its often very focused. I.e if you secure the credit card data, you secure the credit card table only and not all the other places the credit card data exists in your database and outseide of it. Archive data falls exactly into the same space and issue.

It was a good event, London was hot, now I am off home to wait for the July 2008 CPU to be available later this evening UK time.