Three Tier Oracle Security in London ~ Paul M. Wright

(nix, oracle, java, www, cloud ) intersect (safety, security, reliability, integrity)

Three Tier Oracle Security in London ~ Paul M. Wright RSS Feed
 

Archive for November, 2008

Advanced Oracle Security Development

The code and slides for my talk was first made available at UKOUG’s web site http://conference.ukoug.org/default.asp?p=842&dlgact=shwprs&prs_prsid=3130&day_dayid=13 I have edited the content into Word . Below is the CREATE_DIRECTORY package I have written which means that users do not need to be granted CREATE ANY DIRECTORY in future. Updates to the package will be made to [...]

UKOUG 2008 Presentation Monday@17.55

Whilst preparing for UKOUG and talking to another well known Oracle Security expert I had some thoughts about the implications of the CREATE ANY DIRECTORY issue . Firstly the Oracle utilities could be overwritten with a new binary – LSNRCTL, SQL*PLUS, IMP, EXP and the debugger for instance. It is possible to execute OS binaries [...]

Cadfile

David Litchfield has written a new paper on Oracle Forensics which describes the usage of a new tool authored by David called Cadfile as a pun on Cadfael. The aim of both tools is to analyse the datafile without having to load it up into the Oracle Server software. The idea would be to first [...]

Database Vault Faults

Hello Oracle folks, Just read on Alex’s blog about a couple of Database vault faults. http://blog.red-database-security.com/2008/11/21/oracle-database-vault-privilege-escalation-exploit-published/ However the number of vulnerabilities in Oracle is not the main controlling factor to threat level. Note that the UK govt have suffered from an average of one data breach per week for the last year. The increased drive [...]