Auditing an Oracle database for security issues is very important. PeteFinnigan.com provides all of the information and tools that you will need Click here for details of PeteFinnigan.com Limited's detailed Oracle database security audit service Click here for details of PeteFinnigan.com Limited's Oracle Security Training Courses
There are 44 visitors online    

Pete Finnigan's Oracle security weblog


Home » Archives » March 2009 » Presentation on using VPD in the real world available

[Previous entry: "IOUG Critical Patch Update Survey Results Are Out"] [Next entry: "SQL Injection Exploitation techniques"]

Presentation on using VPD in the real world available

March 20th, 2009 by Pete

Post to del.icio.us   Post to Furl   Digg!

I was down at the UKOUG DBMS SIG in Slough on Tuesday to speak at the event on the subject of using VPD in the real world. The presentation slides are available, as usual as a pdf of one slide per page and also as a pdf of 6 slides per page to help anyone with slow download speeds. The files are identified with sizes. You can find these on my Oracle Security White Papers page.

The day was eventful as I caught two trains booked well in advance to get cheaper tickects and just my luck the morning train was cancelled as was the evening one. In both cases it turned out OK, in the morning I actually was allowed on the much faster (read expensive tickets) train before and in the evening i had to catch a train ten minutes later so not too bad. It was a nice day for meeting people, Paul spoke to me on the phone as I drove to the station for the train to ask a question about my presentation, which lead him, Jonathan Lewis and myself to discuss privileges around VPD on the walk back to Slough train station. I have made some notes around this and its a good enough subject for a detailed post here so watch out for that in the next day or so.

The talk went well, i had some good discussions with some of the people attending afterwards. The focus of the talk is not on the nitty gritty of using or coding with VPD (Virtual Private Database) but the focus is around the issues of using an additional security feature such as VPD with an application and Oracle. There is a tendancy for people to look at products like VPD and implement and go without any thought around the fact that you must also secure VPD, you must design your VPD implementation to ensure that it cannot be compromised or bypassed. The focus of the talk was around these issues. I also had a simple demo that is contained in one script called vpd2.sql which is also available from my scripts page.

March 2009
SMTWTFS
1234567
891011121314
15161718192021
22232425262728
293031    

About

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

Search weblog

Home and Archives

Weblog Home
Weblog Archives

Recommended reading

Oracle Security Step-by-Step (Version 2.0)

Useful links

Home
Oracle Security Tools page
Oracle security papers
Oracle Security alerts

Other useful blogs

Web Development
SQL Server Security

Syndication - Feeds

RSS 1.0 FEED
RSS 2.0 FEED
Atom 0.3 FEED
Powered by gm-rss 2.0.0

Other Links




View Pete Finnigan's profile on LinkedIn

Pete Finnigan

Create Your Badge



Valid XHTML 1.0!