Peligro inminente, ¡Dios nos coja confesados!

Para los que aún no están enterados, se ha hecho pública una vulnerabilidad muy seria para quienes están trabajando con Oracle 10g o superior. Esta vulnerabilidad permite que un usuario con el mínimo privilegio de crear una sesión pueda tener acceso irrestricto a los archivos del servidor en el cual se está ejecutando la base de datos Oracle. Si quieren saber a qué nos estamos enfrentando a continuación les muestro lo fácil que es ganar (more...)

Your hosted application is a virus vector

We are all used to seeing SaaS as an acronym for Software as a Service. It also doubles as another acronym for the non-functional features of a SaaS architecture. When you're providing a hosted service there are a number of non-functional features that need to be considered such as Scalability, (more...)

Discoverer with EBS R12 – Sheet contains no data for custom Oracle eBusiness Suite Responsibility

So you're working with Discoverer 10g integrated with the Oracle eBusiness Suite on Release 12. You've installed and set everything up per Metalink/MOS Note 373634.1 "Using Discoverer 10.1.2 with Oracle E-Business Suite Release 12" plus created a custom application and responsibility to have it's own menu items corresponding to your Discoverer Workbooks/Worksheets.

You login to your new responsibility and click on your new menu entry that you created per Metalink/MOS Note "How to Create a Link to a Discoverer Workbook in Apps R12" and what do you get when you query subledger data such as Payables Invoices, (more...)

10g Migration Ramification Part 2: Making the database a safer place

In Part 2, I will be discussing a couple of the security changes Oracle has made in 10g Release 2 that have affected my life as a DBA. (I can't speak to 10g Release 1 as I pretty much skipped this release altogether). As a whole, these changes point to Oracle's continuing focus on database security, although it could be argued they have a long way to go.

Changes to the DEFAULT profile:
Oracle has made a change to the out-of-the-box setting of FAILED_LOGIN_ATTEMPTS of the DEFAULT profile. In 9i the default setting was UNLIMITED, however, in 10gR2, (more...)