Security Blogs

Oracle 23c Deprecated Parameters that could Affect Data Security

Pete Finnigan - Mon, 2023-06-05 10:26
Let us have a brief look at Oracle 23c database parameters marked as deprecated in the database that can be in some respect related to security. Here are the parameters are marked as deprecated in 23c: SQL> col name for....[Read More]

Posted by Pete On 05/06/23 At 11:24 AM

Categories: Security Blogs

Creating a DIRECTORY - Forensics Example in 23c

Pete Finnigan - Fri, 2023-05-26 12:06
I want to talk about the foibles of DIRECTORY creation in the Oracle database. This is not a 23c specific issue but one that goes back years. I want to understand what rights and objects are created when we make....[Read More]

Posted by Pete On 26/05/23 At 01:29 PM

Categories: Security Blogs

Are Oracle 23c Shipped Profiles Weak

Pete Finnigan - Tue, 2023-05-23 10:46
Whilst the 23c version shipped by Oracle is a free developer release we should not complain as its free and we should also recognise that this is not production and this 23c version is not intended to be used in....[Read More]

Posted by Pete On 23/05/23 At 02:09 PM

Categories: Security Blogs

Are we Securing Oracle or are we Securing Data in Oracle?

Pete Finnigan - Mon, 2023-05-15 19:26
I have spoken about this before in this blog and I have advised and taught people for years about the same idea. My focus is Oracle Security but what does that mean? I always tell people we are NOT securing....[Read More]

Posted by Pete On 15/05/23 At 01:59 PM

Categories: Security Blogs

Oracle 23c Schema Level Grants

Pete Finnigan - Tue, 2023-05-09 16:46
One of the new security features added in Oracle 23c and one which we can use and test in the 23c FREE database released by Oracle is the ability to now grant ANY privileges at the schema level and not....[Read More]

Posted by Pete On 09/05/23 At 01:48 PM

Categories: Security Blogs

Oracle 23c Dictionary Protection

Pete Finnigan - Tue, 2023-05-02 19:46
One of the new features of 23c Free is dictionary protection. This is clearly a replacement for the o7_dictionary_accessibility parameter that used to protect the SYS schema from system "ANY" privileges. SELECT ANY DICTIONARY was added to bypass this to....[Read More]

Posted by Pete On 02/05/23 At 03:02 PM

Categories: Security Blogs

Oracle 23c New Longer 1024 Character Passwords

Pete Finnigan - Tue, 2023-04-18 07:26
One of new security features of 23c that was mentioned before the Free developer release was that passwords can now be 1024 characters in length, much longer than the previous length of 30 characters. Julian mentioned this in his list....[Read More]

Posted by Pete On 18/04/23 At 10:26 AM

Categories: Security Blogs

Oracle Protected Users in 23c

Pete Finnigan - Fri, 2023-04-14 12:06
In looking at the new Oracle database 23c Free developer release I noticed a new column in the DBA_USERS view called PROTECTED. A search of the 23c documentation and google and also the newly released 23c security guide didn't shed....[Read More]

Posted by Pete On 14/04/23 At 02:14 PM

Categories: Security Blogs

The New DB_DEVEOPER_ROLE in Oracle 23c

Pete Finnigan - Fri, 2023-04-07 15:06
One of the new security features of Oracle database 23c that was mentioned at the end of last year in talks such as the keynote at the UKOUG was the inclusion of a new developer role for developers to use....[Read More]

Posted by Pete On 07/04/23 At 01:19 PM

Categories: Security Blogs

Oracle Database Free 23c - Database Security

Pete Finnigan - Thu, 2023-04-06 02:26
The Oracle 23c database was released on Wednesday for download either as an rpm, a docker image or a pre-defined VirtualBox VM. The links to download 23c and some initial details are here . I chose to download the Oracle....[Read More]

Posted by Pete On 06/04/23 At 07:47 AM

Categories: Security Blogs

Free Tool to Check The Privileges of an Oracle User or Role

Pete Finnigan - Thu, 2023-03-30 23:46
I created a set of free tools to check permissions in an Oracle database almost 20 years ago and they are still relevant and used today and still get downloaded a lot even now. This month alone there has been....[Read More]

Posted by Pete On 30/03/23 At 01:52 PM

Categories: Security Blogs

20 Years of Securing Data in Oracle Databases

Pete Finnigan - Thu, 2023-02-09 07:46
This Sunday, the 12th of February 2023, is the 20th anniversary of the formation of my company Limited. Wow, 20 years has gone so fast and its appropriate to take stock and see where we have been and how....[Read More]

Posted by Pete On 09/02/23 At 10:48 AM

Categories: Security Blogs

Looking for GRANT ALL on objects

Pete Finnigan - Fri, 2022-10-21 15:26
This is the second part of the GRANT ALL on objects post that I made recently. This final look at this issue covers a simple SQL script that can be used to locate common objects where GRANT ALL has been....[Read More]

Posted by Pete On 21/10/22 At 10:14 AM

Categories: Security Blogs

Adding Scripting Languages to PL/SQL Applications - Part 1

Pete Finnigan - Sat, 2022-10-01 01:06
That is an interesting title. PL/SQL is a scripting language so why would I want to talk about adding another scripting language to PL/SQL or even adding a compiler to PL/SQL. First what possibilities are there? PL/SQL can be used....[Read More]

Posted by Pete On 30/09/22 At 12:49 PM

Categories: Security Blogs

Granting ALL on Database Objects

Pete Finnigan - Tue, 2022-08-09 09:06
I was asked by a friend a few days ago a few questions related to the granting of ALL on a database object such as a table or a PL/SQL package. For example - GRANT ALL ON OWNER.TABLE TO DAVE....[Read More]

Posted by Pete On 09/08/22 At 12:46 PM

Categories: Security Blogs

Do You Worry Your Companies data is Being Stolen?

Pete Finnigan - Fri, 2022-08-05 13:26
The number of data breaches is seemingly growing daily and a lot of companies worry that they could be the next statistic of misery and embarrassment. Do you lose sleep worrying that your company could be breached and its data....[Read More]

Posted by Pete On 05/08/22 At 12:47 PM

Categories: Security Blogs

Searchlight a Product to Make Finding Data Easy

Pete Finnigan - Fri, 2022-07-29 16:26
Do you need to comply with GDPR and protect personal data but have no idea where to start to locate that data? Searchlight; is a tool to find your data . Limited have become the reseller for a great....[Read More]

Posted by Searchlight On 29/07/22 At 11:22 AM

Categories: Security Blogs

Oracle Security - Hidden Grant When Create a Role and Revoke in a CDB

Pete Finnigan - Tue, 2022-06-07 18:26
I am keen to reduce grants made in any customers database. One area we can focus on is this curios state of affairs that the creator of a role in the Oracle database is also granted that role as part....[Read More]

Posted by Pete On 07/06/22 At 10:31 AM

Categories: Security Blogs

Adaptive Database Auditing and Security

Pete Finnigan - Wed, 2022-05-25 19:06
We are working with customers to design security for their Oracle databases and also to help and design audit trails. An audit trail is the easiest countermeasure or control that can be added to a database because if you do....[Read More]

Posted by Pete On 25/05/22 At 07:38 PM

Categories: Security Blogs

The challenges of securing data in an Oracle database

Pete Finnigan - Wed, 2022-05-11 07:06
I will be doing a talk at an even in Eight Members Club Bank, 1 Change Alley, London,EC3V 3ND on the 14th June 2022. The event runs from 8am to 10am. The event is free to attend and to register....[Read More]

Posted by Pete On 11/05/22 At 10:04 AM

Categories: Security Blogs


Subscribe to Oracle FAQ aggregator - Security Blogs