Pete Finnigan's Oracle security weblog
1,761 FOLLOWERS
PeteFinnigan.com's weblog is the only weblog dedicated to Oracle security.
Pete Finnigan's Oracle security weblog
1M ago
I had a conversation a few weeks ago with someone who asked me how to find a missing table when you have a wrapped PL/SQL file and cannot see the source code and you install it and it gives an....[Read More]
Posted by Pete On 18/03/24 At 01:00 PM ..read more
Pete Finnigan's Oracle security weblog
2M ago
How do you know how secure your Oracle databases are? How secure should your Oracle databases be? These are interesting questions that we will cover in this three part post. This first part is going to cover the high level....[Read More]
Posted by Pete On 19/02/24 At 01:43 PM ..read more
Pete Finnigan's Oracle security weblog
2M ago
My company PeteFinnigan.com Limited is 21 years old today!! It seems that time has gone so fast. When I started the company my oldest son was a baby and now he is almost 22 years old and works here in....[Read More]
Posted by Pete On 12/02/24 At 11:28 AM ..read more
Pete Finnigan's Oracle security weblog
2M ago
I have liked APEX for many years and been involved in auditing and securing Oracle databases that include APEX for many years. What surprises me sometimes is that those deploying and developing an APEX application treat it like a box....[Read More]
Posted by Pete On 29/01/24 At 03:35 PM ..read more
Pete Finnigan's Oracle security weblog
3M ago
I have investigated a number of possible and later proved data breaches in Oracle databases over the years and more recently just before Christmas I was doing the same again for a client. I cannot talk about any specifics of....[Read More]
Posted by Pete On 23/01/24 At 02:35 PM ..read more
Pete Finnigan's Oracle security weblog
3M ago
It has been a while since my last blog on the 29th December on the ACCESSIBLEBY Clause in PL/SQL . We had a well earned break after the New Year and myself, my wife and my youngest son visited New....[Read More]
Posted by Pete On 17/01/24 At 03:50 PM ..read more
Pete Finnigan's Oracle security weblog
4M ago
Over many years I have advocated using security in PL/SQL that checks that a caller is coming from the right place. For many years we have been able to do this with the call stack and test on our PL/SQL....[Read More]
Posted by Pete On 29/12/23 At 03:14 PM ..read more
Pete Finnigan's Oracle security weblog
4M ago
If you look at the permissions in the database that are possible for a PL/SQL procedure then it looks, at first site to be a little odd. Lets see the possible permissions for PL/SQL (Procedure) SQL> select * from system_privilege_map....[Read More]
Posted by Pete On 28/12/23 At 10:05 AM ..read more
Pete Finnigan's Oracle security weblog
4M ago
As part of any security audit we want to test the security or strength of passwords as well as any password management settings. We test database passwords of course with PL/SQL crackers and also C based crackers. We test RAS....[Read More]
Posted by Pete On 22/12/23 At 12:53 PM ..read more
Pete Finnigan's Oracle security weblog
4M ago
Over the years I have been asked to look at many databases to tell the customer how they were breached or hacked. This is part of forensic analysis and breach response. Quite often there is no audit trails in the....[Read More]
Posted by Pete On 11/12/23 At 09:07 AM ..read more