Three Tier Oracle Security in London ~ Paul M. Wright

(nix, oracle, java, www, cloud ) intersect (safety, security, reliability, integrity)

Three Tier Oracle Security in London ~ Paul M. Wright RSS Feed

UKOUG review

The dust has now settled so let’s see what has survived in the memory banks..
Tom’s presentation was entertaining with an application development security theme. I missed Alex Keh’s talk on AD which was a shame as looking at the slides it was a good talk (download password is at the bottom of the printed paper agenda given in the bags).
Instead I went to Slavik’s SQL injection talk and learnt some more ways to extrude data via error messages. Slavik’s talk was a good summary of the best of Oracle security research and was well attended. Then to Joel’s DBLinks presentation which was a well thought out methodical and thorough talk on how DB links behave in distributed and RAC environments. Finally to Pete’s Data Security talk which was good revision and again well attended with folks meeting up again in the evening for meet the speaker where I discussed the maximum SCN issue over DBLinks with Joel . The Security Roundtable the next day was a good opportunity to discuss new ideas, among those is the notion of Definer Rights Roles (akin to public but with the ability to revoke and deny the customizable Definer Rights Role from a user). The PL/SQL speakers did not understand the the security importance of this proposed feature when I had mentioned it at “meet the speaker” the night before, but found “like minds” at the security round table. It was inspiring to talk to people working for Oracle who are still highly motivated to improve the product and prepared to listen to folks outside of Oracle for ideas and user stories. Excellent.
In summary I think the networking aspect was probably the highlight of the conference ~ being able to meet other speakers and discussing ideas with them was Great..more to come on the some of the technical lessons learnt.

Leave a Reply

You must be logged in to post a comment.