Three Tier Oracle Security in London ~ Paul M. Wright

(nix, oracle, java, www, cloud) intersect (safety, security, reliability, integrity)


Archive for November, 2009

UKOUG Agenda

So UKOUG is next week, where I will be attending Monday and Tuesday. There are quite a few Oracle security presentations, some of which are listed below. Many of the presentation PDFs have already been posted on UKOUG’s site, so you can print them off before attending if you wish. 10:45 – 11:45 Hall 1 Server [...]

PUBLIC ROLE AND DEFINER RIGHTS

Hi All, I received Applied Oracle Security in the post this weekend from Amazon. Yes, they are still selling actual books, as well as offering Amazing Elastic Clouds to the masses. Being Oracle Press, I expected the book to be from the Oracle vendor perspective, but having said that David Knox’s previous Oracle Press book [...]

DAMS for Post and PRE-CPU Change Management

When a new CPU/PSU comes out, a package is known to be vulnerable, e.g. SYS.DMP_SYS (CVE-2009-1007), but applying the patch may be too risky and/or take too long to test before deployment. CPUs are complex and their effect cannot be predicted. The strategy has to be one of install on QA and stand well back [...]

Oracle Security Summary

Hi Folks, Here is an Oracle Security Summary: Alexandre has published some PoC code for CVE-2009-1991 at http://dsecrg.com/pages/vul/show.php?id=110. The new UKOUG SCENE Journal has been published with an emphasis on “Security in the City” and UKOUG have kindly highlighted an article of mine on Database Application Monitoring systems used for financial transparency. The main thrust [...]

Oracle Identity Integrity

Security in a multi-user system relies on individuality of account access and Identity Integrity. The ability to assume the identity of another user is one of the most powerful privileges that exists and should be monitored and logged using a Database Activity Monitoring System for compliance, assurance and good practice. Client supplied identity information [...]