It is not difficult to create an SSL/TLS certificate and configure an Apache HTTP Server to use it. But I found that there are some things you need to know that does not necessarily make much sense. Here are some lessons learned and a couple of tips.
Intermediate and Root (more...)
These are some amazing statistics…
If you do a default installation of the WebLogic Server user activity is not audited. WebLogic has a build in Auditing Provider but it has to be enabled.
The Audit Provider can log these events.
To enable it via the Admin Console got to Security Realms => myrealm => Providers (more...)
I bet if any of you have an exposed server to an internet connection, without properly firewall protection, that your server is under heavy fire from hackers around the “world”… By the world I mean mostly China and Russia ssh attacks. If you’re curious, on Linux you can check the (more...)
I was interviewed for a nice article about database security on Dark Reading. The interesting question, I think, is not wether to invest in DB security. To me, it’s a given that you have to do it (even though some customers still don’t agree). The question is – how will the threat landscape change if [...]
Oracle Databases has a powerful set of grants and permissions. One of the easy philosophies behind it is just to hide anything a user is not allowed to see. Technically this leads to an error message
ORA-00942: table or view does not exist
More precisely it should give a text like
table or view does not exist or you are not allowed to access it
For an ordinary user/schema separation there might be no big difference: If user A
can not read table B.TAB
it's of no value for user A
whether the object does not exist or is just not (more...)
by Fábio Souza & Eduardo Rodrigues
We know. It’s been a looooooong time again. But once you read this post, we are quite sure you’ll be happy we took the time to write it. And it’s also...
This is a summary only. Please, visit the blog for full content (more...)
I’m an huge NGINX fan. Nginx pronounced “Engine-X” is an open source Web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. Nginx is awesome… really. I use it since 0.6 beta and never (more...)
In the Oracle DBA World at the moment CVE-2012-1675
is a great issue. Oracle announced some methods
how to secure existing systems. But these are sometimes not that easy, and there is no backport for older systems.
As I investigated the problem how to secure a connection manager
I was hinted at Note:1455068.1
The solution is somewhat easy: Only allow incoming connections to your
systems. e.g. (rule=(src=*)(dst=10.220.8.114)(srv=*)(act=accept))
In a well designed environment where you can separate your DB Servers from others at low network layers, a set of CMAN (more...)
Gone are the day when cleartext passwords had to be stored in scripts for Oracle database access. The solution to this requirement is “Oracle Secure External Password Store (SEPS)”. This article will give a short introduction and a practical example of the solution.
no Advanced Security Option (License) necessary
every unix-account, who has access to the wallet can use it to log on to the contained databases without a password! Therefore prevent other unix-accounts from accessing your wallet! (chmod, chown)
: Unix-Account, who wishes to connect to the database without providing a password needs to (more...)
Yep, I did again :-(.
After playing around with the new sampleapp107 I managed to crash the VM. After a reboot the OID refused to start up. It seemed that because there was still an active status record in the ODS schema, the OPMN couldn’t find anything to start.
Solution: truncate the "ODS"."ODS_PROCESS_STATUS" and "ODS"."ODS_GUARDIAN" tables in your database repository.
(Not sure if the "ODS"."ODS_GUARDIAN" is really necessary…. Please correct me if I’m wrong)
Till Next Time
Sometimes I need to open for communication on a port in the local firewall on a Linux box. Until now I have relied on the lokkit command or if a GUI is available system-config-securitylevel.
I recently had some situations where lokkit was not working, so I decided to dig a (more...)
We had a situation where we were calling an external Web service that required custom http headers. When our request reached the Web service the customer http headers had disappeared. We did not know if the problem was with the OSB, our Internet proxy or the programmer To find out (more...)
How to deal with DBMS_RLS?
These last weeks I am trying to get the VPD option (Virtual Private Database) enabled for my application. This time as a developer with no DBA or SYS privileges. I am used to being a DBA for the databases I work on and am used to being able to get the fullest out of the Oracle database. For one, because I think Oracle provides us with a great deal of built-in features that do things more efficiently than we can do ourselves (more efficient, built-in kernel code) and also especially because it seems useless (more...)
In an Information Security article a few months back, Bruce Schneier (author of Schneier on Security
) and Marcus Ranum put some points forward for and against internet anonymity
. I have to admit that I agree with Schneier and find Ranum's argument quite weak. He appears to suggest that the (more...)
The 2nd critical patch update for 2010 (CPU April 2010) has been released by Oracle yesterday. Critical patch updates mostly contain fixes to security vulnerabilities plus it would have non-security fixes too. This critical patch update contains 47 new security fixes across all products which includes 7 for Oracle database. For the first time, CPU includes patches/fixes for Sun products. Please review the following URL to see if the product you are using requires this patch or not.
The next critical patch update (CPU) would be coming in July 2010.
We are all used to seeing SaaS as an acronym for Software as a Service. It also doubles as another acronym for the non-functional features of a SaaS architecture. When you're providing a hosted service there are a number of non-functional features that need to be considered such as Scalability, (more...)
So you're working with Discoverer 10g integrated with the Oracle eBusiness Suite on Release 12. You've installed and set everything up per Metalink/MOS Note 373634.1 "Using Discoverer 10.1.2 with Oracle E-Business Suite Release 12" plus created a custom application and responsibility to have it's own menu items corresponding to your Discoverer Workbooks/Worksheets.
You login to your new responsibility and click on your new menu entry that you created per Metalink/MOS Note "How to Create a Link to a Discoverer Workbook in Apps R12" and what do you get when you query subledger data such as Payables Invoices, (more...)