INDEX to SYSDBA without SELECT

Hello Oracle Security Readers, If we combine the following factors together then we can identify an escalation route from Index on SYSTEM to SYSDBA which does not require SELECT privileges on the indexed table: 1. SYSTEM passes it’s DBA role through it’s procedures. 2. Oracle indexes allow execution from read via functions i.e. INDEX can [...]

Hacktivity

Hi Guys, OOW was the trip of a lifetime. Watching Oracle USA win the cup with Ben Ainslie was great, as was watching Larry’s keynote live. Columnar in memory DB looks interesting and competition for Hana. I presented at the excellent Delphix event with OakTable, and picked up some good (more...)

OOW and Oak Table

Hi Oracle Security Readers, OOW is here again and I will be giving a short “In a nutshell – 3 good and 3 bad points on 12c” at Oak Table World http://www.kylehailey.com/oaktable-world/agenda/ This can be regarded as a short taster for the upcoming book. http://www.springer.com/computer/database+management+%26+information+retrieval/book/978-1-4302-6211-4 You (more...)