OOW and Oak Table
Hi Oracle Security Readers,
OOW is here again and I will be giving a short “In a nutshell” presentation on 12c security, which will include 3 good and 3 not so good points about 12c, as well as future research directions.
The presentation will be at Oak Table World: http://www.kylehailey.com/oaktable-world/agenda/
This can be regarded as a short taster for the upcoming book. http://www.springer.com/computer/database+management+%26+information+retrieval/book/978-1-4302-6211-4
You know, 12c does have some good features, e.g. Definer Roles for Program Units, which works well and has the potential to solve the majority of privilege escalations by removing the need for PUBLIC. Also, TCPS is free on all DB versions now, which is really great. Lots of work is needed to test that this upgrade integrates with other servers.
However there are some serious issues with 220.127.116.11.0 GA as a release, and also some design weaknesses that need to be borne in mind when implementing 12c. Additionally some of the issues found whilst testing 12c do port back to 18.104.22.168/4 which is a concern now.
I will be discussing the defenses to some of these issues in my Oak Table Presentation, and then later at Hacktivity in October https://hacktivity.com/en/hacktivity-2013/speakers/paul-m-wright1/. So OOW will get the defenses first!
Look forward to seeing you in San Francisco. Lastly I am in the process of transitioning general Oracle Security posts to www.OracleSecurity.Com which is hosted in the US.