Pete Finnigan's Oracle security weblog
/weblog/entries
PeteFinnigan.com's weblog is the only weblog dedicated to Oracle security.en-gbCopyright PeteFinnigan.com Ltd 2005, All rights reserved. All trademarks are the property of their respective owners and are hereby acknowledged2025-07-10T14:05:41ZPete Finnigan (mailto:webmaster\@petefinnigan.com)Pete Finnigan (mailto:pete\@petefinnigan.com)PeteFinnigan.com's weblog is the only weblog dedicated to Oracle security.Pete Finnigan's Oracle security weblogPete Finnigan's Oracle security webloghttp://www.petefinnigan.com/images/company_logo_1.gif
/weblog/entries
Detecting Abuse or attacks of an Oracle Database with PFCLATK
/weblog/archives/00001600.htm
We have a product PFCLATK that is now version 5.0.64.1506 but started out back in 2009 as a way to get customers to deploy useful audit trails quickly. It was perceived then and still now that adding audit trails or....<a href="/weblog/archives/00001600.htm">[Read More]</a> <p>Posted by Pete On 10/07/25 At 02:04 PM</p>Privilege Escalation from GRANT ANY ROLE to DBA - Or is it?
/weblog/archives/00001599.htm
Emad just made a blog post - Oracle 23ai Privilege Escalation From GRANT ANY ROLE to DBA Role - that shows how he escalated from GRANT ANY ROLE to DBA. There are some issues with his example but I will....<a href="/weblog/archives/00001599.htm">[Read More]</a> <p>Posted by Pete On 03/07/25 At 09:25 AM</p>Happy Anniversary to Saving Lives and My Degree and ACE Pro Membership
/weblog/archives/00001598.htm
Some brief news on Oracle and Security and personal news!! I was emailed a couple of weeks or so ago that I was awarded membership of the Oracle ACE program for now until end of May 2026 and yesterday I....<a href="/weblog/archives/00001598.htm">[Read More]</a> <p>Posted by Pete On 26/06/25 At 09:45 AM</p>A Brief History of PFCLScan - Database Security scanner
/weblog/archives/00001597.htm
This is a short history of our PFCLScan product and therefore also a history of the other apps now built on top of PFCLScan such as PFCLObfuscate , PFCLCode , PFCLForensics and more. Obviously after such a long time and....<a href="/weblog/archives/00001597.htm">[Read More]</a> <p>Posted by Pete On 15/05/25 At 10:15 AM</p>PeteFinnigan.com is now HTTPS
/weblog/archives/00001596.htm
It has been a long time coming but I have finally got this website running on HTTPS / SSL. Google have been pushing webmasters and site owners to move to HTTPS for more than 10 years. Google in fact stated....<a href="/weblog/archives/00001596.htm">[Read More]</a> <p>Posted by Pete On 13/05/25 At 02:07 PM</p>Embed Scripting Languages in PL/SQL Programs
/weblog/archives/00001595.htm
One of the goals of creating an interpreter written in PL/SQL to execute a custom language was for our use in our tools. We wanted to be able to ship PL/SQL and customise it after its deployed without re-compiling the....<a href="/weblog/archives/00001595.htm">[Read More]</a> <p>Posted by Pete On 14/04/25 At 12:11 PM</p>The search for existing encryption and wallets in the database
/weblog/archives/00001594.htm
In the first blog in this series we discussed the main issue with using DBMS_CRYPTO to encrypt data within the database. This is the lack of key management provided by Oracle natively for use with this package. I had intended....<a href="/weblog/archives/00001594.htm">[Read More]</a> <p>Posted by Pete On 07/04/25 At 01:25 PM</p>Encryption Key Management with DBMS_CRYPTO
/weblog/archives/00001593.htm
I often get asked how to use DBMS_CRYPTO to encrypt data in the Oracle database. Or I used to be asked how to use DBMS_OBFUSCATION_TOOLKIT when it was the go-to encryption in an Oracle database. Before we go far; this....<a href="/weblog/archives/00001593.htm">[Read More]</a> <p>Posted by Pete On 02/04/25 At 02:22 PM</p>