Feed aggregator

Moving My Beers From Couchbase to MongoDB

Tugdual Grall - Sun, 2015-02-01 09:01
See it on my new blog : here Few days ago I have posted a joke on Twitter Moving my Java from Couchbase to MongoDB pic.twitter.com/Wnn3pXfMGi — Tugdual Grall (@tgrall) January 26, 2015 So I decided to move it from a simple picture to a real project. Let’s look at the two phases of this so called project: Moving the data from Couchbase to MongoDB Updating the application code to use Tugdual Grallhttps://plus.google.com/103667961621022786141noreply@blogger.com2

Getting started with iOS development using Eclipse and Java

Shay Shmeltzer - Fri, 2015-01-30 16:05

Want to use Eclipse to build an on-device mobile application that runs on iOS devices (iPhones and iPads)?

No problem - here is a step by step demo on how to do this:

Oh, and by the way the same app will function also on Android without any changes to the code :-)  

This is an extract from an online seminar that I recorded for one of Oracle's Virtual Technology Summits - and I figured people who didn't sign up for that event might still benefit from having access to the demo part of the video.

In the demo I show how to build an on-device app that access local data as well as remote data through web services, and how easy it is to integrate device features too.

If you want to try this on your own, get a copy of the Oracle Enterprise Pack for Eclipse, and follow the setup steps in the tutorial here.

And then just follow the video steps.

The location of the web service I accessed is at: http://wsf.cdyne.com/WeatherWS/Weather.asmx?WSDL

And the Java classes I use to simulate local data are  here.

Categories: Development

Oracle Audit Vault - Oracle Client Identifier and Last Login

Several standard features of the Oracle database should be kept in mind when considering what alerts and correlations are possible when combining Oracle database and application log and audit data.

Client Identifier

Default Oracle database auditing stores the database username but not the application username.  In order to pull the application username into the audit logs, the CLIENT IDENTIFIER attribute needs to be set for the application session which is connecting to the database.  The CLIENT_IDENTIFIER is a predefined attribute of the built-in application context namespace, USERENV, and can be used to capture the application user name for use with global application context, or it can be used independently. 

CLIENT IDENTIFIER is set using the DBMS_SESSION.SET_IDENTIFIER procedure to store the application username.  The CLIENT IDENTIFIER attribute is one the same as V$SESSION.CLIENT_IDENTIFIER.  Once set you can query V$SESSION or select sys_context('userenv','client_identifier') from dual.

The table below offers several examples of how CLIENT_IDENTIFIER is used.  For each example, for Level 3 alerts, consider how the value of CLIENT_IDENTIFIER could be used along with network usernames, enterprise applications usernames as well as security and electronic door system activity logs.



Example of how used

E-Business Suite

As of Release 12, the Oracle E-Business Suite automatically sets and updates client_identifier to the FND_USER.USERNAME of the user logged on.  Prior to Release 12, follow Support Note How to add DBMS_SESSION.SET_IDENTIFIER(FND_GLOBAL.USER_NAME) to FND_GLOBAL.APPS_INITIALIZE procedure (Doc ID 1130254.1)


Starting with PeopleTools 8.50, the PSOPRID is now additionally set in the Oracle database CLIENT_IDENTIFIER attribute. 


With SAP version 7.10 above, the SAP user name is stored in the CLIENT_IDENTIFIER.

Oracle Business Intelligence Enterprise Edition(OBIEE)

When querying an Oracle database using OBIEE the connection pool username is passed to the database.  To also pass the middle-tier username, set the user identifier on the session.  To do this in OBIEE, open the RPD, edit the connection pool settings and create a new connection script to run at connect time.  Add the following line to the connect script:




Last Login

Tracking when database users last logged in is a common compliance requirement.  This is required in order to reconcile users and cull stale users.  New with Oracle12c, Oracle provides this information for database users.  The system table SYS.DBA_USERS has a column, last_login. 


select username, account_status, common, last_login

from sys.dba_users

order by last_login asc;






















If you have questions, please contact us at mailto:info@integrigy.com

Auditing, Oracle Audit Vault, Oracle Database
Categories: APPS Blogs, Security Blogs

WebLogic Maven Plugin - Simplest Example

Steve Button - Fri, 2015-01-30 00:34
I've seen a question or two in recent days on how to configure the weblogic maven plugin.

The official documentation is extensive ... but could be considered TL;DR for a quick bootstrapping on how to use it.

As a late friday afternoon exercise I just pushed out an example of a very simple project that uses the weblogic-maven-plugin to deploy a web module.  It's almost the simplest configuration that can be done of the plugin to perform deployment related operations of a project/module:


This relies on the presence of either a local/corporate repository that contains the set of weblogic artefacts and plugins - OR - you configure and use the Oracle Maven Repository instead.  

Example pom.xml

Updated WebLogic Server 12.1.3 Developer Zip Distribution

Steve Button - Thu, 2015-01-29 18:50
We've just pushed out an update to the WebLogic Server 12.1.3 Developer Zip distribution containing the bug fixes from a recent PSU (patch set update).

This is great for developers since it maintains the high quality of the developer zip distribution and the convenience it provides - avoids reverting to the generic installer to then enable the application of patch set updates.  For development use only.

Download it from OTN:


Check out the readme for the list of bug fixes:


Annonce : Devenez expert Cloud Oracle !

Jean-Philippe Pinte - Thu, 2015-01-29 03:37
Vous souhaitez évoluer dans votre carrière?
Rejoignez l'un de nos partenaires pour devenir un expert des solutions Cloud Oracle !

Evènement: Oracle Virtual Cloud Summit

Jean-Philippe Pinte - Wed, 2015-01-28 16:08
4 séminaires en ligne :
  • Back up your Database securely to the Cloud
  • Move your Test & Development to the Cloud
  • Secure Document File-sync & share in the Cloud
  • Accelerate Application development in the Cloud
Enregistrez-vous à l'évènement Oracle Virtual Cloud Summit : http://cloud.oraclevirtualsummit.com

ERROR - CLONE-20372 Server port validation failed

Vikram Das - Wed, 2015-01-28 15:19
Alok and Shoaib pinged me about this error. This error is reported in logs when adcfgclone.pl is run for a R12.2.4 appsTier where the source and target instances are on same physical server.

SEVERE : Jan 27, 2015 3:40:09 PM - ERROR - CLONE-20372   Server port validation failed.
SEVERE : Jan 27, 2015 3:40:09 PM - CAUSE - CLONE-20372   Ports of following servers - oacore_server2(7256),forms_server2(7456),oafm_server2(7656),forms-c4ws_server2(7856),oaea_server1(6856) - are not available.
4:00 PM
SEVERE : Jan 27, 2015 3:40:09 PM - ERROR - CLONE-20372   Server port validation failed.
SEVERE : Jan 27, 2015 3:40:09 PM - CAUSE - CLONE-20372   Ports of following servers - oacore_server2(7256),forms_server2(7456),oafm_server2(7656),forms-c4ws_server2(7856),oaea_server1(6856) - are not available.
SEVERE : Jan 27, 2015 3:40:09 PM - ACTION - CLONE-20372   Provide valid free ports.
oracle.as.t2p.exceptions.FMWT2PPasteConfigException: PasteConfig failed. Make sure that the move plan and the values specified in moveplan are correct

The ports reported are those in the source instance.  Searching on support.oracle.com bug database I found three articles:




The situation described in the first two bugs is same.  The articles reference each other but don't provide any solution.

Logically thinking, adcfgclone.pl is picking this up from source configuration that is in $COMMON_TOP/clone directory.  So we did grep on subdirectories of $COMMON_TOP/clone:

cd $COMMON_TOP/clone
find . -type f -print | xargs grep 7256

7256 is one of the ports that failed validation.

It is present in

CTXORIG.xml and

We tried changing the port numbers in CTXORIG.xml and re-tried adcfgclone.pl and it failed again.

So we changed the port numbers of the ports that failed validation in

$COMMON_TOP/clone/FMW/ohs/moveplan.xml and

find . -name detachHome.sh |grep -v Template

The above command returns the detachHome.sh scripts for all the ORACLE_HOMEs inside FMW_HOME.  Executed this to detach all of them.

Removed the FMW_HOME directory

adcfgclone.pl appsTier

It succeeded this time.  Till we get a patch for this bug, we will continue to use this workaround to complete clones.

Categories: APPS Blogs

Innovating with Middleware Platform

Anshu Sharma - Wed, 2015-01-28 13:01

I was recently discussing with a partner executive on howOracle can help the ISV innovate. Decided to pen my thoughts here too -

1) WebLogicInnovation - WebLogic is our market leading App Server. The area which I wouldlike to highlight is Exalogic. Seeing more and more cases where Telco,Financial Services, Govt solution providers are seeing business benefits ofrunning their business critical application on Exalogic. With the upcominglaunch of Exalogic Cloud Software 12c and already available X5-2 hardware, WebLogicperformance on Exalogic will continue to get better. But more importantlypartners would be able to get a simplified experience, similar to Oracle PublicCloud, on Exalogic as explained in this blog post.

2) Middleware Platform for Industry solutions - Oracle SOASuite solves core integration challenges for Healthcareentities, Retailers/Manufacturers,Airlinesetc. Oracle BPM allows you to design complex processes for FinancialServices, Telcos, Public Sector etc. Oracle Event Processing allows you to analyzeand act on data from a variety of devices (IoT) in Fast DataSolutions being deployed in Telcos (Mobile Data offloading, QoSManagement), Transportation (Vehicle Monitoring), Retail (Real Time Coupons),Utilities (Smart Grids) etc. Partners providing process management and integrationsolutions for vertical industries can roll out innovations while keeping thelights running by deploying on Oracle Middleware Platform (SOA, BPM, OEP, WLS,Exalogic, Enterprise Manager).

3) Mobile Platform - Adoption ofmobility in enterprises offers tremendous opportunities to ISVs. We asked onepartner, RapidValue, to share their experience. In this writeup,RapidValue explains how they were able to use power of Oracle Mobile Platformto quickly bring to market a suite of Mobile Applications for Field Service,HRMS, Approvals, Order Management, Inventory Management, and Expense Management.

4) Public Cloud – In recent years theworld of application development has adopted new methodologies, like Agile,that improve the quality and speed in which applications are delivered. Toolssuch as automatic build utilities combined with continuous integrationplatforms simplify the adoption of these new methodologies. These tools areavailable in Oracle DeveloperCloud Service for every licensee of Java Cloud Service. 

Making DevOps Business Driven - a service view

Steve Jones - Wed, 2015-01-28 08:59
I've been doing a bit recently around DevOps and what I've been seeing is that companies that having been scaling DevOps tend to run into a problem: exactly what is a good boundary for a DevOps team? Now I've talked before about how Microservices are just SOA with a new logo, well there is an interesting piece about DevOps as well, its not actually a brand new thing.  Its an evolution and
Categories: Fusion Middleware

Updating a GitHub forked repository

Steve Button - Tue, 2015-01-27 17:27
Mostly a reminder to self but thought I'd post the link in case anyone else is looking for this.  More pointers the merrier.

Simple, straight forward steps to synchronise a forked repository with its upstream repository and keep it up to date.

Syncing a fork
Sync a fork of a repository to keep it up-to-date with the upstream repository.
Following these simple steps enables a forked repository to be easily and regularly updated with changes from the upstream repository. 

Up-to-date fork of the weblogic-docker repositoryTake care to read the final tip in the guide that notes that the steps only update a local copy - the fetch and merge changes still need to be pushed back to the GitHub remote repository.
Tip: Syncing your fork only updates your local copy of the repository. To update your fork on GitHub, you must push your changes.

Indexing Points to Remember

Pakistan's First Oracle Blog - Mon, 2015-01-26 18:54
Indexing depends upon the queries in the application.

There is no one-size-fits-all break-even point for indexed versus table scan access. If only a few rows are being accessed, the index will be preferred.

If almost all the rows are being accessed, the full table scan will be preferred. In between these two extremes, your “mileage” will vary.

A concatenated index is more useful if it also supports queries where not all columns are specified. For instance SURNAME, FIRSTNAME is more useful than FIRSTNAME, SURNAME because queries against SURNAME only are more likely to occur than queries against FIRSTNAME only.

Global indexes provide better performance for queries that must span all partitions.
Categories: DBA Blogs

UPDATED: Oracle EBS SYS.DUAL PUBLIC Privileges Security Issue Analysis (CVE-2015-0393)

Oracle E-Business Suite environments may be vulnerable due to excessive privileges granted on the SYS.DUAL table to PUBLIC.  This security issue has been resolved in the January 2015 Oracle Critical Patch Update (CPU).

On January 24, Oracle published additional information regarding this security issue in My Oracle Support Note 1964164.1.  Revoking of these privileges may cause “subtle timestamp corruptions” in the database unless database patch 19393542 is applied.

Integrigy has updated the information we provided on how to validate if this security flaw exists in your environment and how to remediate the issue based on the additional information provided by Oracle.  The remediation can be done without applying the January 2015 CPU, but requires the database patch to be applied first.

For more information, see Integrigy’s in-depth security analysis "Oracle EBS SYS.DUAL PUBLIC Privileges Security Issue Analysis (CVE-2015-0393)" for more information.

Vulnerability, Oracle E-Business Suite, Security Analysis, Oracle Critical Patch Updates
Categories: APPS Blogs, Security Blogs

Deploying Application Express with Delphix

Steve Karam - Sat, 2015-01-24 14:31

Seamless cloning of an application stack is an outstanding goal. Seamless cloning of an application stack including the full production database, application server, and webserver in a few minutes with next to zero disk space used or configuration required is the best goal since Alexander Graham Bell decided he wanted a better way tell Mr. Watson to “come here.”

So in the spirit of discovery, I’ve installed Oracle REST Data Services (ORDS) 2.0 and Oracle Application Express (APEX) 4.2 to a source Oracle database environment in my home Delphix setup. I’m going to:

  1. Sync the ORDS binaries with Delphix as a file source
  2. Sync the APEX binaries with Delphix as a file source
  3. Sync the ORCL database with Delphix as a database source
  4. Provision a clone of the ORCL database to a target linux system as DBDEV
  5. Provision a clone of the ORDS and APEX binaries to the target system

Some of you may be scratching your head right now thinking “What is Delphix?” I’ve written a few words on it in the past, and Kyle Hailey has quite a bit of information about it along with other links such as Jonathan Lewis explaining Delphix at OOW14.

If you’re into the whole brevity thing, here’s a short summation: Delphix is a technology you can sync nearly any kind of source data into and provision on demand from any point in time to any target, near instantly and at the click of a button, all without incurring additional disk space. What that means for your business is incredibly efficient development, faster time to market, and improved application quality. And if you want to see this in action, you can try it for yourself with Delphix Developer Edition.

Let’s use Delphix to deploy APEX to a target system.

Step 1. A look at the source

On the source environment (linuxsource, I have an database called “orcl”.

ORCL Source Database

In the /u01/app/oracle/product directory are ./apex and ./ords, holding the APEX and ORDS installations respectively.

Source Products Directory

When ORDS is started, I am able to see the APEX magic by browsing to and logging in to my InvestPLUS workspace. Here’s the pre-packaged apps I have installed:

Source System APEX Apps

Sweet. Let’s check out what I have set up in Delphix.

Step 2. Check out the Delphix Sources

You can see that I have the ORCL database (named InvestPLUS DB Prod), Oracle REST Data Services, and APEX homes all loaded into Delphix here:

Delphix Sources

When I say they’re loaded into Delphix, I mean they’ve been synced. The ORCL database is synced over time with RMAN and archive logs and compressed about 3x on the base snapshot and 60x on the incremental changes. The /u01/app/oracle/product/apex and /u01/app/oracle/product/ords directories have also been synced with Delphix and are kept up to date over time. From these synced copies we can provision one or more Virtual Databases (VDBs) or Virtual Files (vFiles) to any target we choose.

Step 3. Deploy

Provisioning both VDBs and vFiles is very quick with Delphix and takes only a few button clicks. Just check out my awesomely dramatized video of the provisioning process. For this demo, first I provisioned a clone of the ORCL database to linuxtarget ( with the name DBDEV.

Provisioning DBDEV to the target

Next I provisioned a copy of the ORDS home to the target at the same location as the source (/u01/app/oracle/product/ords) with the name ORDS Dev:

ORDS Dev on the target

And lastly I provisioned a copy of the APEX home to the target at the same location as the source (/u01/app/oracle/product/apex) with the name APEX Dev:

APEX Dev on target

In hindsight I probably could have just synced /u01/app/oracle/product and excluded the ./11.2.0 directory to get both ORDS and APEX, but hey, I like modularity. By having them separately synced, I can rewind or refresh either one on my target system.

Here’s the final provisioned set of clones on the target (you can see them under the “InvestPLUS Dev/QA” group on the left nav):

Provisioned Clones

Step 4. Check out the target system

Let’s see what all this looks like on the target system. Looking at the /u01/app/oracle/product directory on the target shows us the same directories as the source:

Target directories

I’ve also got the DBDEV database up on the target:

DBDEV on the target

To give you a glimpse of how Delphix provisioned the clone, check this out. Here’s a “df -h” on the linuxtarget environment:

Linux Target df command

What this is showing us is that the APEX Home, ORDS Home, and DBDEV clone are all being served over NFS from Delphix ( This is how Delphix performs a clone operation, and why we call it virtual: data is synced and compressed from sources into Delphix, and when you provision a clone Delphix creates virtual sets of files that are presented over the wire to the target system. You can think of Delphix as a backup destination for source databases/filesystems, and as network attached storage for targets. The clever bit is that Delphix uses the same storage for both purposes, with no block copies at all unless data is changed on the target VDBs or vFiles. Cool, right? On a side note and for the curious, Delphix can use dNFS as well for your Oracle VDBs.

Step 5. Reconfigure ORDS

On the source environment, ORDS is configured to connect to the ORCL database. On the target we’re going to the DBDEV database. So the one quick change we’ll need to make is to change the SID in the /u01/app/oracle/product/ords/config/apex/defaults.xml file.

[delphix@linuxtarget ords]$ vi config/apex/defaults.xml
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<comment>Saved on Wed Jan 14 08:38:04 EST 2015</comment>
<entry key="cache.caching">false</entry>
<entry key="cache.directory">/tmp/apex/cache</entry>
<entry key="cache.duration">days</entry>
<entry key="cache.expiration">7</entry>
<entry key="cache.maxEntries">500</entry>
<entry key="cache.monitorInterval">60</entry>
<entry key="cache.procedureNameList"/>
<entry key="cache.type">lru</entry>
<entry key="db.hostname">localhost</entry>
<entry key="db.password">@050784E0F3307C86A62BF4C58EE984BC49</entry>
<entry key="db.port">1521</entry>
<entry key="db.sid">DBDEV</entry>
<entry key="debug.debugger">false</entry>
<entry key="debug.printDebugToScreen">false</entry>
<entry key="error.keepErrorMessages">true</entry>
<entry key="error.maxEntries">50</entry>
<entry key="jdbc.DriverType">thin</entry>
<entry key="jdbc.InactivityTimeout">1800</entry>
<entry key="jdbc.InitialLimit">3</entry>
<entry key="jdbc.MaxConnectionReuseCount">1000</entry>
<entry key="jdbc.MaxLimit">10</entry>
<entry key="jdbc.MaxStatementsLimit">10</entry>
<entry key="jdbc.MinLimit">1</entry>
<entry key="jdbc.statementTimeout">900</entry>
<entry key="log.logging">false</entry>
<entry key="log.maxEntries">50</entry>
<entry key="misc.compress"/>
<entry key="misc.defaultPage">apex</entry>
<entry key="security.disableDefaultExclusionList">false</entry>
<entry key="security.maxEntries">2000</entry>

Note the only line I had to change was this one: <entry key=”db.sid”>DBDEV</entry>

After the config change, I just had to start ORDS on the target:

[delphix@linuxtarget ords]$ java -jar apex.war
Jan 21, 2015 1:18:22 PM oracle.dbtools.standalone.Standalone execute

Standalone mode is designed for use in development and test environments. It is not supported for use in production environments.

Jan 21, 2015 1:18:22 PM oracle.dbtools.standalone.Standalone execute
INFO: Starting standalone Web Container in: /u01/app/oracle/product/ords/config/apex
Jan 21, 2015 1:18:22 PM oracle.dbtools.standalone.Deployer deploy
INFO: Will deploy application path = /u01/app/oracle/product/ords/config/apex/apex/WEB-INF/web.xml
Jan 21, 2015 1:18:22 PM oracle.dbtools.standalone.Deployer deploy
INFO: Deployed application path = /u01/app/oracle/product/ords/config/apex/apex/WEB-INF/web.xml
Jan 21, 2015 1:18:22 PM oracle.dbtools.common.config.file.ConfigurationFolder logConfigFolder
INFO: Using configuration folder: /u01/app/oracle/product/ords/config/apex
Configuration properties for: apex
Jan 21, 2015 1:18:58 PM oracle.dbtools.common.config.db.ConfigurationValues intValue
WARNING: *** jdbc.MaxLimit in configuration apex is using a value of 10, this setting may not be sized adequately for a production environment ***
Jan 21, 2015 1:18:58 PM oracle.dbtools.common.config.db.ConfigurationValues intValue
WARNING: *** jdbc.InitialLimit in configuration apex is using a value of 3, this setting may not be sized adequately for a production environment ***
Using JDBC driver: Oracle JDBC driver version:
Jan 21, 2015 1:18:59 PM oracle.dbtools.rt.web.SCListener contextInitialized
INFO: Oracle REST Data Services initialized
Oracle REST Data Services version :
Oracle REST Data Services server info: Grizzly/1.9.49

Jan 21, 2015 1:18:59 PM com.sun.grizzly.Controller logVersion
INFO: GRIZZLY0001: Starting Grizzly Framework 1.9.49 - 1/21/15 1:18 PM
Jan 21, 2015 1:18:59 PM oracle.dbtools.standalone.Standalone execute
INFO: http://localhost:8080/apex/ started.

Step 6. Victory

With ORDS started, I’m now able to access APEX on my target and log in to see my applications.

APEX Login on TargetAPEX Apps on Target

Conclusion (or Step 7. Celebrate)

The cloned ORDS and APEX homes on the target and the DBDEV database are 100% full clones of their respective sources; block for block copies if you will. No matter how big the source data, these clones are done with a few clicks and takes only a few minutes, barely any disk space (in the megabytes, not gigabytes), and the clones can be refreshed from the source or rewound in minutes.

Delphix is capable of deploying not just database clones, but the whole app stack. Because Delphix stores incremental data changes (based on a retention period you decide), applications can be provisioned from any point in time or multiple points in time. And you can provision as many clones as you want to as many targets as you want, CPU and RAM on the targets permitting. All in all a fairly powerful capability and one I’ll be experimenting on quite a bit to see how the process and benefits can be improved. I’m thinking multi-VDB development deployments and a rewindable QA suite next!

The post Deploying Application Express with Delphix appeared first on Oracle Alchemist.

SQLCl - LDAP anyone?

Barry McGillin - Fri, 2015-01-23 09:02
since  we released our first preview of SDSQL, we've made  a lot of changes to it and enhanced a lot of things too in there so it would be more useable.  One specific one was the use of LDAP which some customers on SQLDeveloper are using in their organisations as a standard and our first release precluded them from working with this.

Well, to add this, we wanted a way that we could specify the LDAP strings and then use them in a connect statement.  We introduced a command called SET LDAPCON for setting the LDAP connection.  You can set it like this at the SQL> prompt
 set LDAPCON jdbc:oracle:thin:@ldap://scl58261.us.oracle.com:389/#ENTRY#,cn=OracleContext,dc=ldapcdc,dc=lcom  

or set it as an environment variable
 (~/sql) $export LDAPCON=jdbc:oracle:thin:@ldap://scl58261.us.oracle.com:389/#ENTRY#,cn=OracleContext,dc=ldapcdc,dc=lcom  

Then you can come along and as long as you know your service name, we're going to swap out the ENTRY delimiter in the LDAP connection with your service.  We're working on a more permanent way to allow these to be registered and used so they are more seamless.

In the meantime, you can then connect to your LDAP service like this
 BARRY@ORCL>set LDAPCON jdbc:oracle:thin:@ldap://scl58261.us.oracle.com:389/#ENTRY#,cn=OracleContext,dc=ldapcdc,dc=lcom  
BARRY@ORCL>connect barry/oracle@orclservice_test(Emily's Desktop)

Here's a qk little video of it in action!  You can then use  the 'SHOW JDBC' command to show what you are connected to.

This is the latest release which should be online soon, and you  can download it from here.

Oracle Audit Vault - Remedy and ArcSight Integration

Remedy Ticket System Integration

Oracle Audit Vault 12c includes a standard interface for BMC Remedy ticketing systems.  You can configure the Oracle Audit Vault to connect to BMC Remedy Action Request (AR) System Server 7.x.  This connection enables the Oracle Audit Vault to raise trouble tickets in response to Audit Vault alerts. 

Only one Remedy server can be configured for each Oracle Audit Vault installation.  After the interface has been configured, an Audit Vault auditor needs to create templates to map and handle the details of the alert.  Refer to the Oracle Audit Vault Administrator’s Guide Release 10.3, E23571-08, Oracle Corporation, August 2014, section 3.6 http://docs.oracle.com/cd/E23574_01/admin.103/e23571.pdf.

HP ArcSight Integration

HP’s ArcSight Security Information Event Management (SIEM) system is a centralized system for logging, analyzing, and managing messages from different sources.  Oracle Audit Vault can forward messages to ArcSight SIEM.

No additional software is needed to integrate with ArcSight.  Integration is done through configurations in the Audit Vault Server console.

Messages sent to the ArcSight SIEM Server are independent of any other messages sent from the Audit Vault (e.g., other Syslog feeds). 

There are three categories of messages sent –

  • System - syslog messages from subcomponents of the Audit Vault Sever
  • Info - specific change logging from the Database Firewall component of Oracle AVDF
  • Debug - a category that should only be used under the direction of Oracle Support

If you have questions, please contact us at mailto:info@integrigy.com

Auditing, Security Strategy and Standards, Oracle Audit Vault
Categories: APPS Blogs, Security Blogs

Everybody Says “Hackathon”!

Tugdual Grall - Fri, 2015-01-23 04:23
TLTR: MongoDB & Sage organized an internal Hackathon We use the new X3 Platform based on MongoDB, Node.js and HTML to add cool features to the ERP This shows that “any” enterprise can (should) do it to: look differently at software development build strong team spirit have fun! Introduction I have like many of you participated to multiple Hackathons where developers, designer and Tugdual Grallhttps://plus.google.com/103667961621022786141noreply@blogger.com2

Oracle EBS SYS.DUAL PUBLIC Privileges Security Issue Analysis (CVE-2015-0393)

Oracle E-Business Suite environments may be vulnerable due to excessive privileges granted on the SYS.DUAL table to PUBLIC.  This security issue has been resolved in the January 2015 Oracle Critical Patch Update (CPU) and has been assigned the CVE tracking identifier CVE-2015-0393.  The problem may impact all Oracle E-Business Suite versions including 11.5, 12.0, 12.1, and 12.2.  Recent press reports have labeled this vulnerability as a “major misconfiguration flaw.”  The security issue is actually broader than just the INDEX privilege that is being reported in the press and there may be at least four independent attack vectors depending on the granted privileges.  Fortunately, this issue does not affect all Oracle E-Business Suite environments - Integrigy has only identified this issue in a few number of Oracle E-Business Suite environments in the last three years.

Integrigy has published information on how to validate if this security flaw exists in your environment and how to remediate the issue.  The remediation can be done without apply the January 2015 CPU.

For more information, see Integrigy’s in-depth security analysis "Oracle EBS SYS.DUAL PUBLIC Privileges Security Issue Analysis (CVE-2015-0393)" for more information.


Oracle E-Business Suite
Categories: APPS Blogs, Security Blogs

EBS 12.2 Essential Bundle Fixes for AD Delta 5 and TXK Delta 5 (Doc ID 1934471.1)

Senthil Rajendran - Thu, 2015-01-22 07:38
EBS 12.2 Essential Bundle Fixes for AD Delta 5 and TXK Delta 5 (Doc ID 1934471.1)

if any of the below features are interesting to your deployment then please review the doc and apply the essential bundle patches on 12.2.5 environment. Hope this helps to stabilize your environment.

Section 4: Features and Fixes in the Current Code level
The bundle fixes include implementation of the following AD and TXK features and fixes.

4.1: AD Features and Fixes

  • The database connection module has been enhanced such that the former multiple connections during adop execution have been reduced to only two connections for all embedded SQL actions.
  • Concurrency issues during multi-node configuration have been fixed.
  • Redundancy issues have been addressed:
    • When calling validation on all nodes.
    • Unnecessary calls to the TXK API, have been removed from the cleanup phase.
    • Time-consuming database actions have been centralized, instead of being performed on all nodes.
  • Multinode logic has been changed to depend on a new table, adop_valid_nodes, instead of fnd_nodes.
  • An issue where AD Admin and AD Splice actions were not synchronized on shared slave nodes has been fixed.
  • Reporting capabilities have been improved for:
    • Abandon nodes and failed nodes.
    • Uncovered objects not being displayed after actualize_all in adopreports.
    • Out of sync nodes during fs_clone and abort.
  • Cutover improvements:
    • Restartability of cutover.
    • An obsoleted materialized view has been removed from processing during cutover.
  • xdfgen.pl has been enhanced to support execution against Oracle RAC databases where ipscan is enabled.
  • Support for valid comma-separated adop phases has been provided.
  • Several database-related performance issues have been fixed.
  • Improvements have been made in supporting hybrid, DMZ, non-shared, and shared configurations.
  • The adop utility has been enhanced to support host name containing the domain name.

4.2: TXK New Features and Fixes

  • Enhancements have been made to the provisioning tools used in multi-tier environments to perform operations such as adding or deleting nodes and adding or deleting managed servers.
  • An enhancement has been made to allow customization of the s_webport and s_http_listen_parameter context variables when adding a new node.
  • Performance improvements have been made for cloning application tier nodes, particularly in the pre-clone and post-clone phases.
  • Fixes related to cloning support for Oracle 12c Database have been provided.
  • Performance improvements have been made for managing application tier services, including implementation of the Managed Server Independence Mode feature (-msimode parameter to adstrtal.sh) to allow application tier services to be started or stopped without the WebLogic Administration Server running.
  • On a multi-node application tier system configuration, remote connectivity is no longer required for packaging the Oracle E-Business Suite WebLogic Server domain.
  • JVM heap size (-Xms and -Xmx) has been increased to 1 GB for the WebLogic Administration Server and all managed servers.


Subscribe to Oracle FAQ aggregator