Feed aggregator

Partner Webcast - ODA: The exclusive partner opportunity

Join us to learn more about Oracle Systems, Engineered Systems and Storage. Learn what we understand by “Cloud Insurance” through our Systems Webcast Series for EMEA Partners. The...

We share our skills to maximize your revenue!
Categories: DBA Blogs

Unable to locally verify the issuer's authority

Vikram Das - Wed, 2017-07-26 16:10
Chuka pinged me when he got this error in Qualys logs after installation of qualys agent on a server

2017-07-24 15:23:08.497 [qualys-cloud-agent][232147]:[Information]:Finished curl request
2017-07-24 15:23:08.497 [qualys-cloud-agent][232147]:[Error]:Http request failed:Peer certificate cannot be authenticated with given CA certificates: SSL certificate problem: unable to get local issuer certificate
2017-07-24 15:23:08.497 [qualys-cloud-agent][232147]:[Error]:Http request failed: error code: 0
2017-07-24 15:23:08.497 [qualys-cloud-agent][232147]:[Error]:CAPI request failed:
2017-07-24 15:23:08.497 [qualys-cloud-agent][232147]:[Error]:CAPI event failed

2017-07-24 15:23:08.500 [qualys-cloud-agent][232147]:[Information]:Next event: INTERVAL_EVENT_CAPI, time left: 100 seconds

I suggested that we try setting http_proxy and https_proxy environment variables and check with wget and curl

We did that and got the error:

Unable to locally verify the issuer's authority

On access.redhat.com, I found https://access.redhat.com/solutions/37323 that described a similar issue on RHEL5, we are on OEL6:

Getting "Unable to locally verify the issuer's authority" error from wget in RHEL 5
 SOLUTION VERIFIED - Updated February 6 2013 at 11:52 AM - 
  • Red Hat Enterprise Linux (RHEL) 5.5
  • When downloading from certain SSL URLs, wget throws the error "Unable to locally verify the issuer's authority".
ResolutionRoot Cause
  • The openssl /etc/pki/tls/certs/ca-bundle.crt file in RHEL 5.5 is outdated.
Diagnostic Steps
Reproduction steps:

$ wget https://www.internetx.com/
--2010-07-24 15:30:14-- https://www.internetx.com/
Resolving www.internetx.com..., 2001:4178:2:10::54, 2001:4178:2:10::55, ...
Connecting to www.internetx.com||:443... connected.
ERROR: cannot verify www.internetx.com's certificate, issued by '/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL SGC CA':
Unable to locally verify the issuer's authority.
To connect to www.internetx.com insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
So we compared the size of the file  /etc/ssl/certs/ca-certificates.crt on a working server and this server.  Sure enough the file size was different.  On further investigation we found that there was a backup called ca-bundle.crt.newrpm that had the correct size.  So we took a backup of ca-bundle.crt and replaced it with the newer file.  The error stopped coming.  Even though the ca-certificates rpm version was same on both servers, someone had replaced the ca-bundle.crt file with the older version.  We would have to investigate, why that was done, before this solution can be implemented, as it is possible that the new certificates.crt file broke something, because of which it was replaced by the older version.  We should always have the latest ca-bundle.crt, so that we have the latest root certificates from the Certificate Authorities.
Categories: APPS Blogs

Easy Dashboard using nothing but APEX, Font APEX and SQL!

Joel Kallman - Wed, 2017-07-26 14:37
A customer from Tennessee recently asked for help in creating a simple dashboard in their Oracle APEX application.  In the PHP system they were coming from, they had a dashboard that looked like the following:

Most people think of dashboards as a nice cockpit panel containing charts and graphics.  While this example doesn't perfectly fit that description, it can be classified as a report that is summarized, and any elements which need attention are presented in a different color.

I've implemented similar solutions in the past, selecting an image reference in the SELECT clause of my report query, and then referencing this image reference as the column value.  But this time, I first solicited the opinion of Shakeeb Rahman, the Design Lead for Oracle APEX, and he provided me a better solution.  Using a simple combination of SQL and Font APEX, this can be easily and elegantly solved!

For this example, I created a new table CITY_STATUSES

create table city_statuses (
city_name varchar2(100) primary key,
status1 number,
status2 number,
status3 number);

I populated it with data, and then I created a new application with an Interactive Report on the table.  The query of the Interactive Report was simply:

select city_name,
from city_statuses

and my initial report looked like:

In my example, 1 is a good condition, 0 is a warning, and -1 indicates that an action must be taken.

Universal Theme
Universal Theme is a responsive, versatile, and customizable user interface for your Application Express apps.  The Universal Theme in Oracle APEX 5.1 includes Font APEX, a drop-in replacement for Font Awesome, but with better graphics and more of them (courtesy of master graphic artist Bob Daly).  You can learn more about the Universal Theme at https://apex.oracle.com/ut, and you can learn more about Font APEX at https://apex.oracle.com/fontapex.

Shakeeb recommended I use Font APEX and the Universal Theme helper classes to solve this problem.  The helper classes can be used to set the colors on any custom component.  You can find these Universal Theme helper classes at https://apex.oracle.com/ut -> Reference -> Color and Status Modifiers.  What's nice about these colors is that they are coordinated with the Theme Roller in APEX.  If you change the global success color in Theme Roller, the icon color will also be updated.

To solve this specific problem for the dashboard, I selected two additional columns in the SELECT clause for each STATUS column:
  1. status_icon - String representing the icon class and modifier class
  2. status_description - Description of the status icon, for accessibility purposes.  This is very important, because we are changing from a discrete value in the report to an icon and a color.  Without the description column, this information will be inaccessible.
For the icons and modifiers, I used:
  • Success: fa-check-circle-o u-success-text
  • Warning: fa-exclamation-triangle u-warning-text
  • Error: fa-exception u-danger-text
The SolutionFor each status column in my SELECT clause, I added a corresponding icon and description column:

 select city_name,
case status1
when 1 then 'fa-check-circle-o u-success-text'
when 0 then 'fa-exclamation-triangle u-warning-text'
when -1 then 'fa-exception u-danger-text'
end status1_icon,
case status1
when 1 then 'OK'
when 0 then 'Warning'
when -1 then 'Danger'
end status1_description,
case status2
when 1 then 'fa-check-circle-o u-success-text'
when 0 then 'fa-exclamation-triangle u-warning-text'
when -1 then 'fa-exception u-danger-text'
end status2_icon,
case status2
when 1 then 'OK'
when 0 then 'Warning'
when -1 then 'Danger'
end status2_description,
case status3
when 1 then 'fa-check-circle-o u-success-text'
when 0 then 'fa-exclamation-triangle u-warning-text'
when -1 then 'fa-exception u-danger-text'
end status3_icon,
case status3
when 1 then 'OK'
when 0 then 'Warning'
when -1 then 'Danger'
end status3_description
from city_statuses

After saving the updated query for the Interactive Report, I edited these columns in Page Designer and changed the property Type from Plain Text to Hidden Column.

Then, for the columns STATUS1, STATUS2 and STATUS3, in Page Designer I changed the property HTML Expression to:

<span class="fa #STATUS1_ICON#" title="#STATUS1_DESC#"></span>

Obviously, replace STATUS1 with the correct corresponding column name. I adjusted the heading and column alignment of each column to center, and voila!  It couldn't be easier.

If for some reason you want to make the icons even larger, no problem!  Simply add the fa-2x modifier in the HTML expression (after #STATUS1_ICON#).

Experiment with the modifiers of Font APEX at https://apex.oracle.com/fontapex.  Choose your icon, vary the size, animation, modifier, and status.  Just don't go crazy - we don't want to see the world's APEX apps introduce the equivalent of the <marquee> tag again.

Shakeeb presented the Universal Theme, these modifiers, and much more in a recorded Webinar from ODTUG.

P.S.  While you might be tempted to simplify the query and use an inline PL/SQL function in the WITH clause of the query, you most likely will encounter error "ORA-32034: unsupported use of WITH clause".  This is because the Interactive Report will enclose your original query in a subquery, and in general, inline PL/SQL functions in subqueries are intentionally prohibited by the Oracle Database.

ABC Fine Wine & Spirits Modernizes the Customer Experience with Oracle Retail

Oracle Press Releases - Wed, 2017-07-26 11:00
Press Release
ABC Fine Wine & Spirits Modernizes the Customer Experience with Oracle Retail Leveraging Oracle Retail Xstore Point-of-Service as an Omnichannel Platform

Redwood Shores, Calif.—Jul 26, 2017

Today, Oracle announced that ABC Fine Wine & Spirits has upgraded the Oracle Retail Xstore Point-of-Service with the help of SkillNet Solutions. ABC Fine Wine & Spirits differentiates their shopping experience with a superior product assortment, outstanding service and competitive pricing by empowering its associates with modern and intuitive tools. ABC Fine Wine & Spirits operates 130 stores across Florida, selling beer, wine, spirits, cigars and gourmet food items.

“We are continuously assessing how our stores and services meet our customers’ needs. We are committed to providing the best overall shopping experience possible. We place our customers at the center of our operations and initiatives,” said Robert Summers, CFO and CIO, ABC Fine Wine & Spirits. “With the implementation of Oracle Retail solutions, we are providing an intuitive modern shopping experience that also protects our customers with EMV compliance and PCI approvals.”

“Recognizing the value and impact that upgrading their systems would bring to their customer experience across channels, ABC Fine Wine & Spirits strategically opted to move to a more recent release of the solution to take advantage of new innovations offered by Oracle,” said Charlie Daggs, Vice President, SkillNet Solutions. “We worked closely with ABC Fine Wine & Spirits to optimize the upgraded solution and create a sustainable path to benefit from mobile and cross channel functionality.”

“Our team was able to deliver the pilot in 7 months with SkillNet. We wanted to leverage the new functionality of the Oracle Retail Xstore Point-of-Service solution as quickly as possible,” said Tina Burleigh, Director of Store Systems, ABC Fine Wine & Spirits. “With the implementation, we were able to reduce our number of customizations by over 80%.”

“By leveraging Oracle Retail Xstore Point-of-Service as a platform to connect with customers, ABC Fine Wine & Spirts can execute a superior shopping experience. With the latest innovations in our Xstore Point-of-Service, ABC Fine Wine & Spirits can provide a single, 360-degree view of its customers in real time for all touchpoints to facilitate more meaningful engagements,” said Ray Carlin, Senior Vice President and General Manager, Oracle Retail.

About Oracle Retail

Oracle provides retailers with a complete, open, and integrated suite of best-of-breed business applications, cloud services, and hardware that are engineered to work together and empower commerce. Leading fashion, grocery, and specialty retailers use Oracle solutions to anticipate market changes, simplify operations and inspire authentic brand interactions. For more information, visit our website at oracle.com/retail.

About Oracle

The Oracle Cloud delivers hundreds of SaaS applications and enterprise-class PaaS and IaaS services to customers in more than 195 countries and territories while processing 55 billion transactions a day. For more information about Oracle (NYSE:ORCL), please visit us at oracle.com.

About ABC Fine Wine & Spirits

Orlando-based ABC Fine Wine & Spirits is Florida’s oldest and largest wine and spirits retailer. Founded in 1936 in Orlando by Jack Holloway, the company is in its third generation of family leadership, with CEO Charles Bailes III and Executive Vice President Jess Bailes leading the organization. ABC operates over one hundred locations throughout Florida. www.abcfws.com.


Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Oracle Mobile Cloud Service (MCS) and Integration Cloud Service (ICS): How secure is your TLS connection?

Amis Blog - Wed, 2017-07-26 08:27

In a previous blog I have explained which what cipher suites are, the role they play in establishing SSL connections and have provided some suggestions on how you can determine which cipher suite is a strong cipher suite. In this blog post I’ll apply this knowledge to look at incoming connections to Oracle Mobile Cloud Service and Integration Cloud Service. Outgoing connections are a different story altogether. These two cloud services do not allow you control of cipher suites to the extend as for example Oracle Java Cloud Service and you are thus forced to use the cipher suites Oracle has chosen for you.

Why should you be interested in TLS? Well, ‘normal’ application authentication uses tokens (like SAML, JWT, OAuth). Once an attacker obtains such a token (and no additional client authentication is in place), it is more or less free game for the attacker. An important mechanism which prevents the attacker from obtaining the token is TLS (Transport Layer Security). The strength of the provided security depends on the choice of cipher suite. The cipher suite is chosen by negotiation between client and server. The client provides options and the server chooses the one which has its preference.

Disclaimer: my knowledge is not at the level that I can personally exploit the liabilities in different cipher suites. I’ve used several posts I found online as references. I have used the OWASP TLS Cheat Sheet extensively which provides many references for further investigation should you wish.

Method Cipher suites

The supported cipher suites for the Oracle Cloud Services appear to be (on first glance) host specific and not URL specific. The APIs and exposed services use the same cipher suites. Also the specific configuration of the service is irrelevant we are testing the connection, not the message. Using tools described here (for public URL’s https://www.ssllabs.com/ssltest/ is easiest) you can check if the SSL connection is secure. You can also check yourself with a command like: nmap –script ssl-enum-ciphers -p 443 hostname. Also there are various scripts available. See for some suggestions here.

I’ve looked at two Oracle Cloud services which are available to me at the moment:


It was interesting to see the supported cipher suites for Mobile Cloud Service and Integration Cloud Service are the same and also the supported cipher suites for the services and APIs are the same. This could indicate Oracle has public cloud wide standards for this and they are doing a good job at implementing it!

Supported cipher suites

TLS 1.2
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp256r1 (eq. 3072 bits RSA) FS
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)

TLS 1.1
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS

TLS 1.0
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS

Liabilities in the cipher suites

You should not read this as an attack against the choices made in the Oracle Public Cloud for SSL connections. Generally the cipher suites Oracle chose to support are pretty secure and there is no need to worry unless you want to protect yourself against groups like the larger security agencies. When choosing your cipher suite in your own implementations outside the mentioned Oracle cloud products, I would go for stronger cipher suites than which are provided. Read here.

TLS 1.0 support

TLS 1.0 is supported by the Oracle Cloud services. This standard is outdated and should be disabled. Read the following for some arguments of why you should do this. It is possible Oracle choose to support TLS 1.0 since some older browsers (really old ones like IE6) do not support TLS 1.1 and 1.2 yet. This is a consideration of compatibility versus security.

TLS_RSA_WITH_3DES_EDE_CBC_SHA might be a weak cipher

There are questions whether TLS_RSA_WITH_3DES_EDE_CBC_SHA could be considered insecure (read here, here and here why). Also SSLLabs says it is weak. You can mitigate some of the vulnerabilities by not using CBC mode, but that is not an option in the Oracle cloud as GCM is not supported (see more below). If a client indicates he only supports TLS_RSA_WITH_3DES_EDE_CBC_SHA, this cipher suite is used for the SSL connection making you vulnerable to collision attacks like sweet32. Also it uses a SHA1 hash which can be considered insecure (read more below).

Weak hashing algorithms

There are no cipher suites available which provide SHA384 hashing. Only SHA256 and SHA. SHA1 (SHA) is considered insecure (see here and here. plenty of other references to this can be found easily).

No GCM mode support

GCM provides data authenticity (integrity) and confidentiality checking. It is more efficient and performant compared to CBC mode. CBC only provides authenticity/integrity but no confidentiality checking. GCM uses a so-called nonce. You cannot use the same nonce to encrypt data with the same key twice.

Wildcard certificates are used

As you can see in the screenshot below, the certificate used for my Mobile Cloud Service contains a wildcard: *.mobileenv.us2.oraclecloud.com.

This means the same certificate is used for all Mobile Cloud Service hosts in a data center unless specifically overridden. See here Rule – Do Not Use Wildcard Certificates. They violate the principle of least privilege. If you decide to implement two-way SSL, I would definitely consider using your own certificates since you want to avoid trust on the data center level. They also violate the EV Certificate Guidelines. Since the certificate is per data center, there is no difference between the certificate used for development environments compared to production environments. In addition, everyone in the same data center will use the same certificate. Should the private key be compromised (of course Oracle will try not to let this happen!), this will be an issue for the entire data center and everyone using the default certificate.

Oracle provides the option to use your own certificates and even recommends this. See here. This allows you to manage your own host specific certificate instead of the one used by the data center.

Choice of keys

Only RSA and ECDHE keys are used and no DSA/DSS keys. Also the ECDHE keys are given priority above the RSA keys. ECDHE gives forward secrecy. Read more here. DHE however is preferred above ECDHE (see here) since ECDHE uses Elliptic Curves and there are doubts they are really secure. Read here and here. Oracle does not provide DHE support in their list of cipher suites.

Strengths of the cipher suites

Is it all bad? No, definitely not! You can see Oracle has put thought into choosing their cipher suites and only provide a select list. Maybe it is possible to request stronger cipher suites to be enabled by contacting Oracle support.

Good choice of encryption algorithm

AES is the preferred encryption algorithm (here). WITH_AES_256 is supported which is a good thing. WITH_AES_128 is also supported. This one is obviously weaker, but it is not really terrible that it is still used and for compatibility reasons, OWASP even recommends TLS_RSA_WITH_AES_128_CBC_SHA as cipher suite (also SHA1!) so they are not completely against it.

Good choice of ECDHE curve

The ECDHE curve used is the default most commonly used secp256r1 which is equivalent to 3072 bits RSA. OWASP recommends > 2048 bits so this is ok.

No support for SSL2 and SSL3

Of course SSL2 and SSL3 are not secure anymore and usage should not be allowed.

So why these choices? Considerations

I’ve not been involved with these choices and have not talked to Oracle about this. In summary, I’m just guessing at the considerations.

I can imagine the cipher suites have been chosen to create a balance between compatibility, performance and security. Also, they could be related to export restrictions / government regulations. The supported cipher suites do not all require the installation of JCE (here) but some do. For example usage of AES_256 and ECDHE require the JCE cryptographic provider but AES_128 and RSA do not. Also of course compatibility is taken into consideration. The list of supported cipher suites are common cipher suites supported by most web browsers (see here). When taking performance into consideration (although this is hardware dependent, certain cipher suites perform better on ARM processors, others better on for example Intel), using ECDHE is not at all strange while not using GCM might not be a good idea (try for example the following: gnutls-cli –benchmark-ciphers). For Oracle using a single certificate for your data center with a wildcard is of course an easy and cheap default solution.

  • Customers should consider using their own host specific certificates instead of the default wildcard certificate.
  • Customers should try to put constraints on their clients. Since the public cloud offers support for weak ciphers, the negotiation between client and server determines the cipher suite (and thus strength) used. If the client does not allow weak ciphers, relatively strong ciphers will be used. It of course depends if you are able to do this since if you would like to provide access to the entire world, controlling the client can be a challenge. If however you are integrating web services, you are more in control (unless of course a SaaS solution has limitations).
  • Work with Oracle support to see what is possible and where the limitations are.
  • Whenever you have more control, consider using stronger cipher suites like TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

The post Oracle Mobile Cloud Service (MCS) and Integration Cloud Service (ICS): How secure is your TLS connection? appeared first on AMIS Oracle and Java Blog.

Telecom Brokerage Fuels Rapid Growth with NetSuite

Oracle Press Releases - Wed, 2017-07-26 08:00
Press Release
Telecom Brokerage Fuels Rapid Growth with NetSuite Master agent nets triple-digit gains in sales productivity and commissionable revenue with move to cloud ERP

SAN MATEO, Calif.—Jul 26, 2017

Oracle NetSuite Global Business Unit, one of the world’s leading providers of cloud-based financials / ERP, HR, Professional Services Automation (PSA) and omnichannel commerce software suites, announced today that TBI (Telecom Brokerage Inc.), the nation's largest master agent and technology services distributor, has continued its rapid growth since graduating to NetSuite from QuickBooks and an industry-specific solution called RPM Telco. TBI relies on NetSuite to run end-to-end processes, spanning financials, quoting, order management, billing, customer relationship management (CRM) and project management. Additionally, NetSuite’s powerful and flexible SuiteCloud development platform has enabled TBI to embed the commissions it receives from carriers and share them with its IT service provider selling partners, all from within the NetSuite platform.

Since implementing NetSuite in July 2014, TBI sales productivity has soared 133 percent. Commissionable revenue has doubled, while the workforce has grown 80 percent to 180 employees. The company has improved efficiency and visibility across the business while strengthening its partnerships.

Founded in 1991, TBI offers enterprise IT solutions in voice, data, internet and cloud from more than 85 carriers, including Verizon, Comcast, AT&T, CenturyLink and Spectrum. As the company grew in a hot IT market, it needed to streamline complex operational processes and become more efficient for its selling partners. TBI evaluated Microsoft Dynamics, Sage, SugarCRM and Salesforce.com before selecting NetSuite as the optimal platform for its next phase of growth.

“Our business has seen explosive growth that’s a byproduct of the sector — but also our ability to adapt to market changes with real-time business intelligence in NetSuite,” said Jeff Newton, VP of Enterprise Sales and IT at TBI. “NetSuite has given us a level of visibility we never envisioned. We can better manage our customers’ experience based on how efficiently orders move through our system.”

TBI initially looked at NetSuite to replace QuickBooks and provide CRM capabilities. It soon realized, however, that it could also move its mission-critical commissioning functions from RPM Telco into a single NetSuite environment. Working with NetSuite Solution Provider Gurus Solutions and the NetSuite SuiteCloud development platform, TBI further customized unique processes within commissioning and its operational support departments. Visibility into commissioning and order tracking is now shared with its selling partners directly in NetSuite’s unified platform.

“It’s a very complex and mission-critical workflow to get commissions to agents. We were effectively putting our business on the line by moving commissioning into NetSuite,” Newton said. “I can say our migration from RPM Telco to NetSuite has made this the most successful technology move TBI has ever undertaken.”

With NetSuite, TBI is now able to continue its rapid growth trajectory. “As we look to grow our business in new sectors and verticals, NetSuite is not a limiting factor whatsoever,” Newton said. “It scales with the business.”

TBI has gained the following benefits since implementing NetSuite:

  • Strong partner relationships. With NetSuite Advanced Partner Center, TBI’s more than 3,000 partner users can track commissions, orders and financial data in NetSuite, as well as run reports, open tickets and troubleshoot issues.
  • Business efficiency. TBI has minimized the inefficient “swivel chair” syndrome of piecing together information across disparate applications, enabling its personnel to focus on customer service and driving sales.
  • Real-time visibility. Reporting and analytics on a single source of data in NetSuite give TBI real-time insights into key business metrics that are critical to continuously optimizing business models and processes.
  • Project management. TBI relies on the NetSuite Project Management module to help manage engagements with IT service provider partners, from planning and contract management through to implementation.
  • Agile and flexible development platform. TBI has taken advantage of the customization capabilities of the NetSuite SuiteCloud Development Platform and NetSuite partner solutions, including HubSpot for marketing automation and 8x8 and Five9 for enterprise contact center, to build an agile cloud ecosystem.
  About SuiteCloud

NetSuite’s SuiteCloud is a comprehensive offering of cloud-based products, development tools and services designed to help customers and commercial software developers take advantage of the significant economic benefits of cloud computing. Based on NetSuite, the industry's leading provider of cloud-based financials / ERP software suites, SuiteCloud enables customers to run their core business operations in the cloud, and software developers to target new markets quickly with newly-created mission-critical applications built on top of mature and proven business processes.

The SuiteCloud Developer Network (SDN) is a comprehensive developer program for independent software vendors (ISVs) who build apps for SuiteCloud. All available SuiteApps are listed on SuiteApp.com, a single-source online marketplace where NetSuite customers can find applications to meet specific business process or industry-specific needs. For more information on SuiteCloud and the SDN program, please visit www.netsuite.com/developers.

About Oracle NetSuite Global Business Unit

Oracle NetSuite Global Business Unit pioneered the Cloud Computing revolution in 1998, establishing the world's first company dedicated to delivering business applications over the internet. Today, Oracle NetSuite Global Business Unit provides a suite of cloud-based financials / Enterprise Resource Planning (ERP), HR and omnichannel commerce software that runs the business of companies in more than 100 countries. For more information, please visit http://www.netsuite.com.

Follow Oracle NetSuite Global Business Unit’s Cloud blog, Facebook page and @NetSuite Twitter handle for real-time updates.

Contact Info
Christine Allen
Oracle NetSuite Global Business Unit
About Oracle

The Oracle Cloud offers complete SaaS application suites for ERP, HCM and CX, plus best-in-class database Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) from data centers throughout the Americas, Europe and Asia. For more information about Oracle (NYSE:ORCL), please visit us at oracle.com.


Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Talk to a Press Contact

Christine Allen

  • 603-743-4534

SQL Developer Database Export Error

Tom Kyte - Wed, 2017-07-26 07:26
Hello. I'm using SQLDeveloper for coping my database from one server to another. So I choose Tools->Database Export..., then connection and couple of options (like this one https://docs.oracle.com/cd/E17781_01/server.112/e18804/impexp.htm#BABHFHGH). ...
Categories: DBA Blogs

GETTING ORA-29270: too many open HTTP requests error

Tom Kyte - Wed, 2017-07-26 07:26
Hi, Please find below procedure from which we are keep on getting "ORA-29270: too many open HTTP requests" error, Procedure: <code>CREATE OR REPLACE PROCEDURE test_task ( p_quote_number IN cct_quote.quote_number%TYPE, p_quote...
Categories: DBA Blogs

Oracle PQ processing in pluggable database

Tom Kyte - Wed, 2017-07-26 07:26
The problem - I cannot get any parallel execution in a pluggable database in version and hoping you can shed some light on what I am missing. Hopefully I provided enough information to get started. It's almost like parallelism is not "...
Categories: DBA Blogs

Migrating LOB data across Oracle databases with different versions

Tom Kyte - Wed, 2017-07-26 07:26
Hello, Hope you are doing well. We are working on a database migration exercise where our source Oracle database is on 11g (11.2.0) and the target Oracle database is 12c (12.1.0). We are using expdp/impdp for exporting and importing data ...
Categories: DBA Blogs

Tuning a query with cursor expressions

Tom Kyte - Wed, 2017-07-26 07:26
<code>Hi Iam fairly new to oracle and i was given a query that takes a long time which is used to fetch some numbers associated with each info of an order, to be tuned. < select A.LS201_SEC_SEQ_NO,CHR(B.LS201_SEC_CODE+64)||'.'||B.LS201_SEC_NAM...
Categories: DBA Blogs

Update the records into the table.

Tom Kyte - Wed, 2017-07-26 07:26
Hello Experts, We have a below package procedure with that we are trying to update the table based on different if..else condition but its not updating the records based on condition. its updating the records based on last condition. For example, ...
Categories: DBA Blogs

PL/SQL Native Compilation

Tom Kyte - Wed, 2017-07-26 07:26
Hi, Based on the following link http://www.oracle.com/technetwork/database/features/plsql/ncomp-faq-087606.html , it says native compilation will perform much better than the default interpreted compilation(sorry if I misinterpreted). So, why ...
Categories: DBA Blogs

Oracle Monetization Cloud Enables Recurring Revenue Models for Digital Services Providers

Oracle Press Releases - Wed, 2017-07-26 07:00
Press Release
Oracle Monetization Cloud Enables Recurring Revenue Models for Digital Services Providers New service complements Oracle ERP Cloud and Oracle Customer Experience Cloud Suite to provide monetization across the customer journey

Redwood Shores, Calif.—Jul 26, 2017

Empowering innovative businesses to launch competitive pricing models in the era of digital commerce, Oracle today announced Oracle Monetization Cloud. The new cloud service accelerates time to market for digital and subscription-based products and services by enabling the full life cycle of customer on-boarding, offer creation, robust rating and discounting, billing, customized invoicing and reporting.

Enterprises are increasingly focused on generating recurring revenues and developing lasting customer relationships by extending from one-time purchases to recurring business models. Agile billing capabilities are required to help digital service providers monetize new offerings and differentiate their services in competitive markets. Oracle Monetization Cloud combines the power of scalable monetization capabilities with the simplicity, agility, and security of Oracle Cloud to accelerate time to market for digital services.

“Subscriptions, demand-based price models, pay-per-use, and increasingly complex agreements with a litany of unique entitlements are now the norm,” said Andrew Dailey, Managing Director of MGI Research.

Across industries and in scenarios ranging from cloud hosting to digital media to the Internet of Things, enterprises and digital service providers are looking to quickly launch new business models to compete in the digital economy. Whether these digital service providers are monetizing connected cars, using sensors to aggregate and monetize data, or transitioning to offering their software as a service, they are undergoing a digital transformation that requires flexible new pricing, billing, revenue management, and real-time subscriber management capabilities.

“In today’s competitive business environment, customers are demanding the power to purchase the products and services that they want, when they want them, at a price point that they can afford,” said Doug Suriano, senior vice president and general manager for Oracle Communications. “Oracle Monetization Cloud enables digital service providers to quickly launch innovative offerings and deliver a positive customer experience while reducing revenue leakage and improving financial reporting and compliance.”

With Oracle Monetization Cloud users benefit from:

  • Full life-cycle capabilities: The service supports the full life-cycle of subscription services, from on-boarding subscribers, to rapidly launching and modifying innovative offerings, to leveraging flexible rating, discounting and billing capabilities, to customizing invoices, to analyzing business performance through robust reporting. These functions are available through intuitive web-based user interfaces so customers can quickly deploy and modify their offerings to meet market demand.
  • Easy integration: Newly developed out-of-the-box connectors and standard web-based SOAP and REST APIs enable customers to integrate easily with front-office and back-office systems, including Oracle, Chase Paymentech and other third party CRM, e-commerce, ERP systems and payment and tax gateways. These simplified integration options speed deployment of the cloud service and thereby accelerate time to market, providing customers with the convenience of continuing to use their existing solutions.
  • Risk and cost reduction: Full compliance and certification with Payment Card Industry (PCI) and Generally Accepted Accounting Principles (GAAP) as well as support for fully compliant re-invoicing and recognition of seven types of revenue allow customers to reduce risk, combat revenue leakage and ensure audit compliance.
  • Full suite of monetization capabilities: The monetization solution is part of a full platform that spans the customer journey from engaging on social channels to tracking a sales lead to creating and offering innovative services to on-boarding subscribers to rating and billing to revenue recognition and compliance. Oracle is unique in offering an end-to-end suite of best-in-breed cloud services that work together in monetizing the entire journey.
Contact Info
Katie Barron
Raleigh Miller
About Oracle

The Oracle Cloud offers complete SaaS application suites for ERP, HCM and CX, plus best-in-class database Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) from data centers throughout the Americas, Europe and Asia. For more information about Oracle (NYSE:ORCL), please visit us at oracle.com.


Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Talk to a Press Contact

Katie Barron

  • +1.202.904.1138

Raleigh Miller

  • +1.202.530.4554

Quarterly EBS Upgrade Recommendations: July 2017 Edition

Steven Chan - Wed, 2017-07-26 02:00

We've previously provided advice on the general priorities for applying EBS updates and creating a comprehensive maintenance strategy.   

Here are our latest upgrade recommendations for E-Business Suite updates and technology stack components.  These quarterly recommendations are based upon the latest updates to Oracle's product strategies, latest support timelines, and newly-certified releases

You can research these yourself using this Note:

Upgrade Recommendations for July 2017

  EBS 12.2  EBS 12.1  EBS 12.0  EBS 11.5.10 Check your EBS support status and patching baseline

Apply the minimum 12.2 patching baseline
(EBS 12.2.3 + latest technology stack updates listed below)

In Premier Support to September 30, 2023

Apply the minimum 12.1 patching baseline
(12.1.3 Family Packs for products in use + latest technology stack updates listed below)

In Premier Support to December 31, 2021

In Sustaining Support. No new patches available.

Upgrade to 12.1.3 or 12.2

Before upgrading, 12.0 users should be on the minimum 12.0 patching baseline

In Sustaining Support. No new patches available.

Upgrade to 12.1.3 or 12.2

Before upgrading, 11i users should be on the minimum 11i patching baseline

Apply the latest EBS suite-wide RPC or RUP

Sept. 2016

12.1.3 RPC5
Aug. 2016

Use the latest Rapid Install

StartCD 51
Feb. 2016

StartCD 13
Aug. 2011


Apply the latest EBS technology stack, tools, and libraries

AD/TXK Delta 9
Apr. 2017

Apr. 2017

EBS 12.2.6 OAF Update 4

EBS 12.2.5 OAF Update 13
Jun. 2017

EBS 12.2.4 OAF Update 15
Mar. 2017

May 2017

Web Tier Utilities

Daylight Savings Time DSTv28
Nov. 2016

Apr. 2017

OAF Bundle 5
Jun. 2016

JTT Update 4
Oct. 2016

Daylight Savings Time DSTv28
Nov. 2016



Apply the latest security updates

Jul. 2017 Critical Patch Update

SHA-2 PKI Certificates

SHA-2 Update for Web ADI & Report Manager

Migrate from SSL or TLS 1.0 to TLS 1.2

Sign JAR files

Jul. 2017 Critical Patch Update

SHA-2 PKI Certificates

SHA-2 Update for Web ADI & Report Manager

Migrate from SSL or TLS 1.0 to TLS 1.2

Sign JAR files

Oct. 2015 Critical Patch Update April 2016 Critical Patch Update Use the latest certified desktop components

Use the latest JRE 1.8, 1.7, or 1.6 release that meets your requirements.

Switch to Java Web Start

Upgrade to IE 11

Upgrade to Firefox ESR 52

Upgrade Office 2003 and Office 2007 to later Office versions (e.g. Office 2016)

Upgrade Windows XP and Vista and Win 10v1507 to later versions (e.g. Windows 10v1607)

Use the latest JRE 1.8, 1.7, or 1.6 release that meets your requirements

Switch to Java Web Start

Upgrade to IE 11

Upgrade to Firefox ESR 52

Upgrade Office 2003 and Office 2007 to later Office versions (e.g. Office 2016)

Upgrade Windows XP and Vista and Win 10v1507 to later versions (e.g. Windows 10v1607)

    Upgrade to the latest database Database or Database or Database or Database or If you're using Oracle Identity Management

Upgrade to Oracle Access Manager

Upgrade to Oracle Internet Directory

Migrate from Oracle SSO to OAM

Upgrade to Oracle Internet Directory

    If you're using Oracle Discoverer

Migrate to Oracle
Business Intelligence Enterprise Edition (OBIEE), Oracle Business
Intelligence Applications (OBIA).

Discoverer is in Sustaining Support as of June 2017

Migrate to Oracle
Business Intelligence Enterprise Edition (OBIEE), Oracle Business
Intelligence Applications (OBIA).

Discoverer is in Sustaining Support as of June 2017

    If you're using Oracle Portal Migrate to Oracle WebCenter Migrate to Oracle WebCenter or upgrade to Portal (End of Life Jun. 2017).


Categories: APPS Blogs

Can I do it with PostgreSQL? – 17 – Identifying a blocking session

Yann Neuhaus - Tue, 2017-07-25 13:49

One single blocking session in a database can completely halt your application so identifying which session is blocking other sessions is a task you must be able to perform quickly. In Oracle you can query v$session for getting that information (blocking_session, final_blocking_session). Can you do the same in PostgreSQL? Yes, you definitely can, lets go.

As usual we’ll start by creating a test table:

postgres@pgbox:/home/postgres/ [PG10B] psql -X postgres
psql (10beta2 dbi services build)
Type "help" for help.

postgres=# create table t1 ( a int );

One way to force other sessions to wait is to start a new transaction, modify the table:

postgres=# begin;
postgres=# alter table t1 add column t2 text;

… and then try to insert data into the same table from another session:

postgres@pgbox:/home/postgres/ [PG10B] psql -X postgres
psql (10beta2 dbi services build)
Type "help" for help.

postgres=# insert into t1 (a) values (1);

The insert statement will hang/wait because the modification of the table is still ongoing (the transaction did neither commit nor rollback, remember that DDLs in PostgreSQL are transactional). Now that we have a blocking session how can we identify the session?

What “v$session” is in Oracle, pg_stat_activity is in PostgreSQL (Note: I am using PostgreSQL 10Beta2 here):

postgres=# \d pg_stat_activity 
                      View "pg_catalog.pg_stat_activity"
      Column      |           Type           | Collation | Nullable | Default 
 datid            | oid                      |           |          | 
 datname          | name                     |           |          | 
 pid              | integer                  |           |          | 
 usesysid         | oid                      |           |          | 
 usename          | name                     |           |          | 
 application_name | text                     |           |          | 
 client_addr      | inet                     |           |          | 
 client_hostname  | text                     |           |          | 
 client_port      | integer                  |           |          | 
 backend_start    | timestamp with time zone |           |          | 
 xact_start       | timestamp with time zone |           |          | 
 query_start      | timestamp with time zone |           |          | 
 state_change     | timestamp with time zone |           |          | 
 wait_event_type  | text                     |           |          | 
 wait_event       | text                     |           |          | 
 state            | text                     |           |          | 
 backend_xid      | xid                      |           |          | 
 backend_xmin     | xid                      |           |          | 
 query            | text                     |           |          | 
 backend_type     | text         

There is no column which identifies a blocking session but there are other interesting columns:

postgres=# select datname,pid,usename,wait_event_type,wait_event,state,query from pg_stat_activity where backend_type = 'client backend' and pid != pg_backend_pid();
 datname  | pid  | usename  | wait_event_type | wait_event |        state        |               query                
 postgres | 2572 | postgres | Client          | ClientRead | idle in transaction | alter table t1 add column t2 text;
 postgres | 2992 | postgres | Lock            | relation   | active              | insert into t1 (a) values (1);
(2 rows)

This shows only client connections (excluding all the backend connections) and does not show the current session. In this case it is easy to identify the session which is blocking because we only have two sessions. When you have hundreds of sessions it becomes more tricky to identify the session which is blocking by looking at pg_stat_activity.

When you want to know which locks are currently being held/granted in PostgreSQL you can query pg_locks:

postgres=# \d pg_locks
                   View "pg_catalog.pg_locks"
       Column       |   Type   | Collation | Nullable | Default 
 locktype           | text     |           |          | 
 database           | oid      |           |          | 
 relation           | oid      |           |          | 
 page               | integer  |           |          | 
 tuple              | smallint |           |          | 
 virtualxid         | text     |           |          | 
 transactionid      | xid      |           |          | 
 classid            | oid      |           |          | 
 objid              | oid      |           |          | 
 objsubid           | smallint |           |          | 
 virtualtransaction | text     |           |          | 
 pid                | integer  |           |          | 
 mode               | text     |           |          | 
 granted            | boolean  |           |          | 
 fastpath           | boolean  |           |          | 

What can we see here:

postgres=# select locktype,database,relation,pid,mode,granted from pg_locks where pid != pg_backend_pid();
   locktype    | database | relation | pid  |        mode         | granted 
 virtualxid    |          |          | 2992 | ExclusiveLock       | t
 virtualxid    |          |          | 2572 | ExclusiveLock       | t
 relation      |    13212 |    24576 | 2992 | RowExclusiveLock    | f
 relation      |    13212 |    24581 | 2572 | AccessExclusiveLock | t
 transactionid |          |          | 2572 | ExclusiveLock       | t
 relation      |    13212 |    24579 | 2572 | ShareLock           | t
 relation      |    13212 |    24576 | 2572 | AccessExclusiveLock | t
(7 rows)

There is one lock for session 2992 which is not granted and that is the session which currently is trying to insert a row in the table (see above). We can get more information by joining pg_locks with pg_database and pg_class taking the pids from above:

select b.locktype,d.datname,c.relname,b.pid,b.mode 
  from pg_locks b 
     , pg_database d
     , pg_class c
 where b.pid in (2572,2992)
   and b.database = d.oid
   and b.relation = c.oid;

 locktype | datname  | relname | pid  |        mode         
 relation | postgres | t1      | 2992 | RowExclusiveLock
 relation | postgres | t1      | 2572 | AccessExclusiveLock
(2 rows)

Does that help us beside that we now know that both sessions want to do some stuff against the t1 table? Not really. So how can we then identify a blocking session? Easy, use the pg_blocking_pids system information function passing in the session which is blocked:

postgres=# select pg_blocking_pids(2992);
(1 row)

This gives you a list of sessions which are blocking. Can we kill it? Yes, of course, PostgreSQL comes with a rich set of system administration functions:

postgres=# select pg_terminate_backend(2572);

… and the insert succeeds. Hope this helps …

PS: There is a great page on the PostgreSQL Wiki about locks.


Cet article Can I do it with PostgreSQL? – 17 – Identifying a blocking session est apparu en premier sur Blog dbi services.

Recommended join style

Tom Kyte - Tue, 2017-07-25 13:06
Dear Oracle Masters, here is a poor disciple looking for guidance, I know the way to reach the true knowledge does not have an end, but I would appreciate few words to make my journey more safe, especially for my fellow travelers. Here is my q...
Categories: DBA Blogs

Different behaviours in implicit conversion on 11g and 12c NVARCHAR type

Tom Kyte - Tue, 2017-07-25 13:06
Hi, We have encountered the below scenario when used with 11g and 12c respectively, -- test data <code>create table t1 (tid nvarchar2(10) primary key); insert into t1 values ('123'); insert into t1 values ('123-00'); insert into t1 value...
Categories: DBA Blogs

Subpartitioning on IOT tables

Tom Kyte - Tue, 2017-07-25 13:06
Hello ! I've asked on many places, but no definite answer. We are using IOT tables as counters storage medium. They are perfect for that purpose as they consists of only PK + VALUE, or PK + VALUE1, VALUE2, VALUE3 up to some VALUEn n being s...
Categories: DBA Blogs

Interdependent Foreign Key Constraints

Tom Kyte - Tue, 2017-07-25 13:06
Categories: DBA Blogs


Subscribe to Oracle FAQ aggregator