http://www.petefinnigan.com/weblog/entries PeteFinnigan.com's weblog is the only weblog dedicated to Oracle security. en-gb Copyright PeteFinnigan.com Ltd 2005, All rights reserved. All trademarks are the property of their respective owners and are hereby acknowledged 2020-03-27T18:13:11Z Pete Finnigan (mailto:webmaster\@petefinnigan.com) Pete Finnigan (mailto:pete\@petefinnigan.com) PeteFinnigan.com's weblog is the only weblog dedicated to Oracle security. Pete Finnigan's Oracle security weblog http://www.petefinnigan.com/images/company_logo_1.gif http://www.petefinnigan.com/weblog/entries http://www.petefinnigan.com/weblog/archives/00001470.htm Two things most annoy me with the Oracle database in terms of securing it and this is the abundance of default users in most Oracle databases that I perform security audits on and also the massive amount of PUBLIC grants....<a href="http://www.petefinnigan.com/weblog/archives/00001470.htm">[Read More]</a> <p>Posted by Pete On 27/03/20 At 06:11 PM</p> http://www.petefinnigan.com/weblog/archives/00001469.htm I plan to try and write some Oracle security based blog posts whilst working from home. These promises when I have made them in the past usually end up not coming true due to other work and things getting more....<a href="http://www.petefinnigan.com/weblog/archives/00001469.htm">[Read More]</a> <p>Posted by Pete On 26/03/20 At 02:38 PM</p> http://www.petefinnigan.com/weblog/archives/00001468.htm Everyone must now be affected in some way about coronavirus. We had an inkling that Boris Johnson and his government would enact a more severe lock down in the UK. So in anticipation I decided on Monday that we needed....<a href="http://www.petefinnigan.com/weblog/archives/00001468.htm">[Read More]</a> <p>Posted by Pete On 25/03/20 At 01:27 PM</p> http://www.petefinnigan.com/weblog/archives/00001467.htm I have read on line about XS$NULL over the years and particularly the documentation that states that it has no privileges. The documentation states the following: An internal account that represents the absence of a user in a session. Because....<a href="http://www.petefinnigan.com/weblog/archives/00001467.htm">[Read More]</a> <p>Posted by Pete On 17/02/20 At 01:09 PM</p> http://www.petefinnigan.com/weblog/archives/00001466.htm There has been a rise on bug bounty programs and websites that help researchers find and disclose bugs to website and other owners with the hope of a payout from the owner of the vulnerable wesbsites. Some big well known....<a href="http://www.petefinnigan.com/weblog/archives/00001466.htm">[Read More]</a> <p>Posted by Pete On 11/02/20 At 10:09 AM</p> http://www.petefinnigan.com/weblog/archives/00001465.htm I posted about a discovery I made whilst testing for an issue in our PL/SQL code analyser checks in PFCLScan last week as I discovered that the AUTHID column in DBA_PROCEDURES or ALL_PROCEDURES or USER_PROCEDURES can be NULL; this caused....<a href="http://www.petefinnigan.com/weblog/archives/00001465.htm">[Read More]</a> <p>Posted by Pete On 28/01/20 At 03:11 PM</p> http://www.petefinnigan.com/weblog/archives/00001464.htm Note: Part 2 - PL/SQL Package with no DEFINER or INVOKER rights - Part 2 is available that takes this investigation further I always understood that PL/SQL objects in the database that are not explicitly changed to INVOKER rights....<a href="http://www.petefinnigan.com/weblog/archives/00001464.htm">[Read More]</a> <p>Posted by Pete On 24/01/20 At 03:19 PM</p> http://www.petefinnigan.com/weblog/archives/00001463.htm I needed to create a new 19c install yesterday for a test of some customer software and whilst I love Oracle products I have to say that installing the software and database has never been issue free and simple over....<a href="http://www.petefinnigan.com/weblog/archives/00001463.htm">[Read More]</a> <p>Posted by Pete On 06/12/19 At 04:27 PM</p>