Security Blogs

Should We Security Patch Oracle Databases?

Pete Finnigan - Mon, 2021-07-12 22:46
Spoiler: Of course! Security patching of Oracle databases can be a touchy and complex subject for some companies. It is perceived to be complex; companies don’t want the downtime; business is worried that a security patch can break the applications....[Read More]

Posted by Pete On 12/07/21 At 03:33 PM

Categories: Security Blogs

Unwrapping PL/SQL Source Code and Proving the Code is Recovered

Pete Finnigan - Tue, 2021-07-06 20:06
We get asked by people if we can recover customers' PL/SQL quite a few times a year. This is because they no longer have access to the original clear text PL/SQL. We can of course get this code back for....[Read More]

Posted by Pete On 06/07/21 At 04:00 PM

Categories: Security Blogs

Redo Log Endian and Magic Number

Pete Finnigan - Thu, 2021-06-24 14:46
It has been a while since the last blog post. I had intended to post more since earlier this year but due to ill health with covid in January and February and now heavy business load we have had little....[Read More]

Posted by Pete On 24/06/21 At 02:15 PM

Categories: Security Blogs

Oracle Security Training Presentations

Pete Finnigan - Tue, 2021-03-16 14:46
Why not make good use of your stay at home time and get excellent very cost effective training in all areas of securing data in your Oracle databases. I have just made live a new set of training dates on....[Read More]

Posted by Pete On 16/03/21 At 02:51 PM

Categories: Security Blogs

Happy 18th Birthday Limited

Pete Finnigan - Wed, 2021-02-17 02:06
It has been an eventful year last year and 2021 started a bit strange due to lockdown. Last Friday our company Limited came of age; it was 18 years old. Wow, it has been a long and interesting journey....[Read More]

Posted by Pete On 16/02/21 At 02:43 PM

Categories: Security Blogs

Upcoming Webinar: Oracle Database 21c New Security Features

Thursday, January 28, 2021 - 2:00 pm to 3:00 pm EST

Oracle Database 21c has been released and is the latest innovation release of the Oracle Database.  A number of new security features are included with this release and should be adopted when creating new databases or upgrading existing databases. This educational webinar will review the new security features and changes in security for this database release. Key new security features are blockchain table, gradual database password rollover, mandatory case sensitive passwords, and Unified Auditing enhancements.

Oracle Database
Categories: APPS Blogs, Security Blogs

Upcoming Webinar: Oracle E-Business Suite Security for Auditors

Thursday, December 17, 2020 - 2:00 pm to 3:00 pm EST

Auditors are trained to understand the financial aspects and the end user functionality of Oracle E-Business Suite. However, most auditors have not been trained in the security features and technical aspects of Oracle E-Business Suite. This education webinar will dive into the key security features within Oracle E-Business Suite. Key configuration settings, protecting sensitive data, concerns and risks with user privileges, and compliance issues related to SOX will be discussed and how to audit these areas.

Sarbanes-Oxley (SOX), Oracle E-Business Suite, Auditor
Categories: APPS Blogs, Security Blogs

TCPS Connection With an Oracle Instant Client

Pete Finnigan - Fri, 2020-11-27 09:46
All of our products (PFCLScan, PFCLCode, PFCLObfuscate and can use an Oracle instant client to connect to the target database(s) or even a full client. It is of course simpler to use an instant client if....[Read More]

Posted by Pete On 27/11/20 At 03:56 PM

Categories: Security Blogs

PL/SQL, AST, DIANA, Attributes and IDL

Pete Finnigan - Tue, 2020-04-07 01:06
I have been wanting to write a detailed post about this subject for a very long time and indeed I have had some notes and screen dumps for some of this for more than 15 years for some parts of....[Read More]

Posted by Pete On 06/04/20 At 08:57 PM

Categories: Security Blogs

PL/SQL Machine Code Trace - event 10928

Pete Finnigan - Thu, 2020-04-02 11:06
I have had an interest in PL/SQL for more around 25 years. I have always liked this great language as it's powerful and simple and a great tool for writing code in the database. I wrote my very first PL/SQL....[Read More]

Posted by Pete On 02/04/20 At 01:33 PM

Categories: Security Blogs

Be Careful of What You Include In SQL*Net Security Banners

Pete Finnigan - Wed, 2020-04-01 16:46
A short post today to add a little to the post I made the other day. In that post Add A SQL*Net Security Banner And Audit Notice I talked about using the sqlnet.ora parameters SEC_USER_AUDIT_ACTION_BANNER and SEC_USER_UNAUTHORIZED_ACCESS_BANNER to add security....[Read More]

Posted by Pete On 01/04/20 At 11:50 AM

Categories: Security Blogs

Oracles Free TNS Firewall - VALIDNODE_CHECKING

Pete Finnigan - Tue, 2020-03-31 22:26
I said in a post a couple of days ago that my overall plan to secure an Oracle database; actually my plan is to secure the data in an Oracle database not blindly just secure Oracle. We must focus on....[Read More]

Posted by Pete On 31/03/20 At 12:26 PM

Categories: Security Blogs

Add A SQL*Net Security Banner And Audit Notice

Pete Finnigan - Mon, 2020-03-30 09:46
I would have to say whilst I see security banners on customers' Unix boxes when I am allowed to log in as part of a security audit I cannot ever remember seeing a security banner when I log into a....[Read More]

Posted by Pete On 30/03/20 At 02:02 PM

Categories: Security Blogs

ORA-28050 - Can I drop the SYSTEM User?

Pete Finnigan - Sat, 2020-03-28 02:46
Two things most annoy me with the Oracle database in terms of securing it and this is the abundance of default users in most Oracle databases that I perform security audits on and also the massive amount of PUBLIC grants....[Read More]

Posted by Pete On 27/03/20 At 06:11 PM

Categories: Security Blogs

Setting Users Impossible Passwords BY VALUES and Schema Only Accounts

Pete Finnigan - Thu, 2020-03-26 14:06
I plan to try and write some Oracle security based blog posts whilst working from home. These promises when I have made them in the past usually end up not coming true due to other work and things getting more....[Read More]

Posted by Pete On 26/03/20 At 02:38 PM

Categories: Security Blogs

CoronaVirus - We are Still Open

Pete Finnigan - Wed, 2020-03-25 19:46
Everyone must now be affected in some way about coronavirus. We had an inkling that Boris Johnson and his government would enact a more severe lock down in the UK. So in anticipation I decided on Monday that we needed....[Read More]

Posted by Pete On 25/03/20 At 01:27 PM

Categories: Security Blogs

XS$NULL - Can we login to it and does it really have no privileges?

Pete Finnigan - Tue, 2020-02-18 15:11
I have read on line about XS$NULL over the years and particularly the documentation that states that it has no privileges. The documentation states the following: An internal account that represents the absence of a user in a session. Because....[Read More]

Posted by Pete On 17/02/20 At 01:09 PM

Categories: Security Blogs

Bug Bounty

Pete Finnigan - Tue, 2020-02-11 18:04
There has been a rise in bug bounty programs and websites that help researchers find and disclose bugs to website and other owners with the hope of a payout from the owner of the vulnerable websites. Some big well known....[Read More]

Posted by Pete On 11/02/20 At 10:09 AM

Categories: Security Blogs

PL/SQL That is not DEFINER or INVOKER rights - BUG?

Pete Finnigan - Sat, 2020-02-01 12:01
Note: Part 2 - PL/SQL Package with no DEFINER or INVOKER rights - Part 2 is available that takes this investigation further. I always understood that PL/SQL objects in the database that are not explicitly changed to INVOKER rights....[Read More]

Posted by Pete On 24/01/20 At 03:19 PM

Categories: Security Blogs

PL/SQL Package with no DEFINER or INVOKER rights - Part 2

Pete Finnigan - Sat, 2020-02-01 12:01
I posted about a discovery I made whilst testing for an issue in our PL/SQL code analyser checks in PFCLScan last week as I discovered that the AUTHID column in DBA_PROCEDURES or ALL_PROCEDURES or USER_PROCEDURES can be NULL; this caused....[Read More]

Posted by Pete On 28/01/20 At 03:11 PM

Categories: Security Blogs

