Oracle E-Business Suite 12.2 Mobile Application Security

This is the tenth posting in a blog series summarizing the new Oracle E-Business Suite 12.2 Mobile and web services functionality and recommendations for securing them.

Oracle Corporation has been building out Mobile and Smartphone applications for the Oracle E-Business Suite for a number of releases. Before release 12.2.5, this functionality was designed only for deployment through a corporate VPN, not through an Oracle E-Business Suite external node over the Internet (e. (more...)

Failed to create voting files on disk group RECOC1

Long story short, I faced this issue while running OneCommand for one Exadata system. The root.sh step (Initialize Cluster Software) was failing with the following error on the screen:

Checking file root_dm01dbadm02.in.oracle.com_2017-04-27_18-13-27.log on node dm01dbadm02.somedomain.com
Error: Error running root scripts, please investigate…
Collecting diagnostics…
Errors occurred. Send /u01/onecommand/linux-x64/WorkDir/Diag-170427_181710.zip to Oracle to receive assistance.

Doesn’t make much sense. So let us check the log file of this step.

2017-04-27 (more...)

Passing Single Quotes in DBMS Assert Package

Uncategorized | Apr 27, 2017
Today, while describing the usefulness of the DBMS_ASSERT package to prevent SQL and PL/SQL injection attacks, someone asked me how to pass a string with single quotes successfully to this package.

First, if you don't know what DBMS_Assert is or why you should know about it, check out the presentation on this blogpost. In summary, the ENQUOTE_LITERAL() function strips off all the single quotes from around the string and replaces them with just a pair of single (more...)

Preventing SQL and PL/SQL Attacks at New York Meetup

Uncategorized | Apr 27, 2017
Thank you all for attending my session at New York Meetup and New York Oracle User Group Spring Meeting in New York City on April 27th. I am truly honored by your presence, and especially for the questions.

You can download the presentation here and the scripts I used for the demos here. As always, I will appreciate your feedback either via comments here, or on social media or emails.

Twitter @ArupNanda
Facebook.com/ArupKNanda

Interactive Report Download Button only for a certain Authorization Role

The Interactive Report has this great download feature where you can export everything you can see.
Anyway, there are circumstances where the customer doesn't want that feature open for everyone.

In APEX you can only choose if you want the download button or not.
Even though APEX can't do it out of the box, there is a way to make your application able to do it.

Since APEX 5 you can't download when the "Download" (more...)

Closing Dataguard Transfer and Apply Gaps

In the last week, I had two customers that had some failures with their standby databases and contacted me about closing their DG gaps. Since this kind of problem is common, and since the solutions are fairly easy, I thought it worth a post to document this for their and your use.

Before we begin, let’s understand what dataguard gaps are. There are two types of gaps: transport and apply gaps. The transport gaps problem (more...)

Oracle Unified Auditing Performance Issues and 12.2 Improvements

For those of you using and/or considering Unified Auditing, in case you might have missed it, Oracle has made significant changes to Unified Auditing in 12.2. Unified Auditing, new in Oracle 12c, represents a complete rewrite of how native database auditing works - see the links below for Integrigy research on Unified Auditing.

With Oracle 12.1, when using Unified Auditing, reads of the UNIFIED_AUDIT_TRAIL view were not performant. With Oracle 12.2, a new (more...)

Love Your Data Conference in NYC on 31st May

In this InfoEra, it's all about data. Whether it's in the cloud or on-premises, everything is truly revolving around and is for data. Pythian understood that decades ago and has been loving the data of their customers since day one. They are showcasing this love on 31st May in NYC.

http://promo.pythian.com/love-your-data-conference/


To help you turn your organization into a truly data-driven business, this interactive 1-day event in New York City on May 31, 2017, combines presentations, practical interactive (more...)

Vagrant? Again? …Really?

(Yes. And Ansible. And Oracle…) TL;DR. This is the repo I’ll be talking about. It can use Ansible to provision Oracle (SI/RAC). Like I’ve said before, I use Vagrant quite a lot and I basically have 2 configs that I use every time. One that uses an external ‘hosts.yml’ to define the hosts (ip, ram etc) […]

Oracle E-Business Suite 12.2 Web Services Security for Oracle Supplier Network

This is the ninth posting in a blog series summarizing the new Oracle E-Business Suite 12.2 Mobile and web services functionality and recommendations for securing them.

The most common use of web services with the Oracle E-Business Suite is the Oracle Supplier Network (OSN). Do not confuse OSN with the Oracle Social Network (also referred to as OSN) or when configuring OSN, do not confuse the Oracle Transport Agent (OXTA) web services with Oracle (more...)

Moving your Oracle Data to the Cloud with Minimal Downtime


Moving from an on-premise Oracle database to the Cloud can mean a whole host of different challenges, and these are different for every business. One of the things we’ve tackled for larger companies is the problem of migrating a lot of data, with not much time to play with. Big businesses come with big sets of data, and often don’t have time to spare for a lengthy window of downtime. Systems down means money spent, (more...)

Breaking News! Dodeca Spreadsheet Management System Certified on Oracle Analytics Cloud!

Now that the Oracle Analytics Cloud, or "OAC", has been released, we had to get serious about our work with one of the Oracle Analytics Cloud components, the Essbase Cloud Service, or "EssCS" for short.  You would think that we should have been working hard on EssCS for quite some time, but we had been assured by Oracle product management that the Essbase Java API would be available in EssCS.  Of course, Dodeca was built (more...)

Oracle RENO

R = REST
E = Express
N = Node.js
O = (Node)OracleDB

I've read an article about a REST API with Node.js and Node-OracleDB at the website of Amis and at the website of Sivakumar Balagopalan.

This inspired me to write an application on the employee table inside the HR schema. The url http://machine:3000/employees fetches all rows in the employees table.

The url http://machine:3000/employees/200 fetches the employee with employee_id 200 from (more...)

Guide to PeopleSoft Logging and Auditing – Revised Whitepaper

After discussions at Collaborate2017 with several PeopleSoft architects we have revised our Guide to PeopleSoft Auditing. The key change is the recommendation NOT to use PeopleSoft’s native database auditing and to instead use Oracle Fine Grained Auditing (FGA). FGA comes free with the Enterprise Edition of the Oracle RDBMS and, not only is it easier to implement, FGA does not have the performance impact of PeopleSoft’s native auditing.

If you have questions, please contact us at info@integrigy. (more...)

Setting up a development environment


I'm setting up a new development environment so I can do some development with JavaScript, ApEx and REST.

Gitlab on Raspberry Pi
I've a Raspberry Pi 3 and followed the installation instruction on https://about.gitlab.com/2015/04/21/gitlab-on-raspberry-pi-2/. After the installation I have a working gitlab on the Raspberry and I created new projects inside gitlab. 

Pre-installed appliance
I've downloaded the "Network Applications VM" from Oracle Technet. The appliance contains the following: 
  • Oracle Linux 7 
  • Oracle Java JDK (more...)

Come to the UKOUG PeopleSoft Roadshow

The UK Oracle User Group PeopleSoft Roadshow is nearly upon us. It’s my favourite PeopleSoft event in the UK’s calendar as you know that everyone there has a focus on PeopleSoft and the agenda is always really strong.

It’s 26th April (yes, a week today!) in the Crowne Plaza, London – the same as last time, which was a great venue.

Oracle US Speakers

In terms of Oracle speakers, we’re spoiled this year with (more...)

Oracle Enterprise Linux – Pre-Built for Enterprise

We've shared the AMI we use for running Oracle Enterprise Products like e-Business Suite. You'll find it on the AWS Marketplace pre-loaded with all the pre-requisites you need for your Oracle implementation on AWS.

Link to the Marketplace...


Oracle Audit Trail Add Program Name

The program name attribute (V$SESSION.PROGRAM) is not by default passed to Oracle’s audit logs. It can be optionally included. To do so, apply Patch 7023214 on the source database. After the patch is applied, the following event needs to be set:

ALTER SYSTEM SET
           EVENT='28058 trace name context forever'
           COMMENT='enable program logging in audit trail' SCOPE=SPFILE;

The table below summarizes key session attributes (V$SESSION) that are passed/not passed to Oracle auditing

Oracle Audit Trails

Session Attribute

(more...)

HCM Cloud R12 – 3 Cool Things

Just to give y'all a taste for HCM Cloud R12 as it rolls out, here are 3 new features I find really cool.

1.  Home Page with Quick Actions

The coolness here comes from being able to easily initiate an action without requiring the user to have any knowledge of the application structure, navigation, or work area organization.  Simply find what you want to do and do it.  And, for the security geeks out there, (more...)

eAdam 3.0

Source: eAdam 3.0