Installing Wireshark and sniffing http communication on Red Hat

We had a situation where we were calling an external Web service that required custom http headers. When our request reached the Web service the customer http headers had disappeared. We did not know if the problem was with the OSB, our Internet proxy or the programmer :-) To find out (more...)

Mikko Hyppönen@TED

Doing more than just talking about viruses: he fires up a few classics in a DOS box and pokes around with a binary editor before looking at current threats and live infection data. Very cool and entertaining. Not many are brave enough to do live demos, but if you watch to the end you'll get to see how prepared he was for failure;-)

Best served with sides of:

How to deal with DBMS_RLS

Uncategorized
| Feb 7, 2011

How to deal with DBMS_RLS?

 

These last weeks I am trying to get the VPD option (Virtual Private Database) enabled for my application. This time as a developer with no DBA or SYS privileges. I am used to being a DBA for the databases I work on and am used to being able to get the fullest out of the Oracle database. For one, because I think Oracle provides us with a great deal of built-in features that do things more efficiently than we can do ourselves (more efficient, built-in kernel code) and also especially because it seems useless (more...)

Should we ban anonymity on the Internet?

In an Information Security article a few months back, Bruce Schneier (author of Schneier on Security) and Marcus Ranum put some points forward for and against internet anonymity. I have to admit that I agree with Schneier and find Ranum's argument quite weak. He appears to suggest that the (more...)

Oracle Critical Patch Update – April 2010


The 2nd critical patch update for 2010 (CPU April 2010) has been released by Oracle yesterday. Critical patch updates mostly contain fixes to security vulnerabilities plus it would have non-security fixes too. This critical patch update contains 47 new security fixes across all products which includes 7 for Oracle database. For the first time, CPU includes patches/fixes for Sun products. Please review the following URL to see if the product you are using requires this patch or not.


The next critical patch update (CPU) would be coming in July 2010.


Peligro inminente, ¡Dios nos coja confesados!

Para los que aún no están enterados, se ha hecho pública una vulnerabilidad muy seria para quienes están trabajando con Oracle 10g o superior. Esta vulnerabilidad permite que un usuario con el mínimo privilegio de crear una sesión pueda tener acceso irrestricto a los archivos del servidor en el cual se está ejecutando la base de datos Oracle. Si quieren saber a qué nos estamos enfrentando a continuación les muestro lo fácil que es ganar (more...)

Your hosted application is a virus vector

We are all used to seeing SaaS as an acronym for Software as a Service. It also doubles as another acronym for the non-functional features of a SaaS architecture. When you're providing a hosted service there are a number of non-functional features that need to be considered such as Scalability, (more...)

Discoverer with EBS R12 – Sheet contains no data for custom Oracle eBusiness Suite Responsibility

So you're working with Discoverer 10g integrated with the Oracle eBusiness Suite on Release 12. You've installed and set everything up per Metalink/MOS Note 373634.1 "Using Discoverer 10.1.2 with Oracle E-Business Suite Release 12" plus created a custom application and responsibility to have it's own menu items corresponding to your Discoverer Workbooks/Worksheets.

You login to your new responsibility and click on your new menu entry that you created per Metalink/MOS Note "How to Create a Link to a Discoverer Workbook in Apps R12" and what do you get when you query subledger data such as Payables Invoices, (more...)

Security, Forecasting Oracle Performance and Some stuff to post… soon…

I’ve been busy this February “playing around/studying” on the following:

1) Oracle Security products (Advance Security Option, Database Vault, Audit Vault, Data Masking, etc. etc.). Well, every organization must guard their digital assets against any threat (external/internal) because once compromised it could lead to negative publicity, lost revenue, litigation, lost of trust.. and the list goes on.. I’m telling you, Oracle has a lot to offer (breadth of products and features, some of them are even free!) on this area and you just need to have the knowledge to stitch them..

I’ll recommend a great book on Security, (more...)

10g Migration Ramification Part 2: Making the database a safer place

In Part 2, I will be discussing a couple of the security changes Oracle has made in 10g Release 2 that have affected my life as a DBA. (I can't speak to 10g Release 1 as I pretty much skipped this release altogether). As a whole, these changes point to Oracle's continuing focus on database security, although it could be argued they have a long way to go.

Changes to the DEFAULT profile:
Oracle has made a change to the out-of-the-box setting of FAILED_LOGIN_ATTEMPTS of the DEFAULT profile. In 9i the default setting was UNLIMITED, however, in 10gR2, (more...)