Security Blogs

Can We Add New Language Features to PL/SQL?

Pete Finnigan - Wed, 2024-05-15 14:06
This is a thought experiment really but is possible to do with some efforts and in a more targeted way. I have coded in PL/SQL for around 29 years and it is one of my favourite languages along with C....[Read More]

Posted by Pete On 08/05/24 At 11:20 AM

Categories: Security Blogs

Locate an Error in Wrapped PL/SQL

Pete Finnigan - Mon, 2024-03-18 08:46
I had a conversation a few weeks ago with someone who asked me how to find a missing table when you have a wrapped PL/SQL file and cannot see the source code and you install it and it gives an....[Read More]

Posted by Pete On 18/03/24 At 01:00 PM

Categories: Security Blogs

Attention PL/SQL Programmers - is your PL/SQL at risk of breach?

Pete Finnigan - Wed, 2024-03-06 17:26
Do you develop software in PL/SQL? I will show you in the next few minutes how you can learn to find security vulnerabilities in your PL/SQL code Even if the database that your PL/SQL is deployed to is secure then....[Read More]

Posted by Pete On 06/03/24 At 09:45 AM

Categories: Security Blogs

How to Secure all of Your Oracle Databases - Part 1

Pete Finnigan - Mon, 2024-02-19 16:26
How do you know how secure your Oracle databases are? How secure should your Oracle databases be? These are interesting questions that we will cover in this three part post. This first part is going to cover the high level....[Read More]

Posted by Pete On 19/02/24 At 01:43 PM

Categories: Security Blogs

Happy 21st Birthday to Limited

Pete Finnigan - Mon, 2024-02-12 18:06
My company Limited is 21 years old today!! It seems that time has gone so fast. When I started the company my oldest son was a baby and now he is almost 22 years old and works here in....[Read More]

Posted by Pete On 12/02/24 At 11:28 AM

Categories: Security Blogs

Securing APEX

Pete Finnigan - Tue, 2024-01-30 00:06
I have liked APEX for many years and been involved in auditing and securing Oracle databases that include APEX for many years. What surprises me sometimes is that those deploying and developing an APEX application treat it like a box....[Read More]

Posted by Pete On 29/01/24 At 03:35 PM

Categories: Security Blogs

Investigate an Oracle Database Breach

Pete Finnigan - Tue, 2024-01-23 21:26
I have investigated a number of possible and later proved data breaches in Oracle databases over the years and more recently just before Christmas I was doing the same again for a client. I cannot talk about any specifics of....[Read More]

Posted by Pete On 23/01/24 At 02:35 PM

Categories: Security Blogs

Happy New Year for 2024

Pete Finnigan - Wed, 2024-01-17 18:46
It has been a while since my last blog on the 29th December on the ACCESSIBLEBY Clause in PL/SQL . We had a well earned break after the New Year and myself, my wife and my youngest son visited New....[Read More]

Posted by Pete On 17/01/24 At 03:50 PM

Categories: Security Blogs


Pete Finnigan - Fri, 2023-12-29 17:26
Over many years I have advocated using security in PL/SQL that checks that a caller is coming from the right place. For many years we have been able to do this with the call stack and test on our PL/SQL....[Read More]

Posted by Pete On 29/12/23 At 03:14 PM

Categories: Security Blogs

Oracle Permissions and Statements or Actions

Pete Finnigan - Thu, 2023-12-28 04:46
If you look at the permissions in the database that are possible for a PL/SQL procedure then it looks, at first site to be a little odd. Lets see the possible permissions for PL/SQL (Procedure) SQL> select * from system_privilege_map....[Read More]

Posted by Pete On 28/12/23 At 10:05 AM

Categories: Security Blogs

Cracking APEX Passwords

Pete Finnigan - Fri, 2023-12-22 20:26
As part of any security audit we want to test the security or strength of passwords as well as any password management settings. We test database passwords of course with PL/SQL crackers and also C based crackers. We test RAS....[Read More]

Posted by Pete On 22/12/23 At 12:53 PM

Categories: Security Blogs

Apex Dictionary Views and their Security Mechanism

Pete Finnigan - Mon, 2023-12-18 06:26
My main focuses are 1) securing data in Oracle databases; either through performing security audits or helping people design and implement anything Oracle security related such as Database Vault or designing audit trails or VPD or encryption or... and 2....[Read More]

Posted by Pete On 18/12/23 At 11:15 AM

Categories: Security Blogs

Oracle Forensics - Missing User IDs

Pete Finnigan - Mon, 2023-12-11 09:26
Over the years I have been asked to look at many databases to tell the customer how they were breached or hacked. This is part of forensic analysis and breach response. Quite often there is no audit trails in the....[Read More]

Posted by Pete On 11/12/23 At 09:07 AM

Categories: Security Blogs

Secure Password Store - Wallets

Pete Finnigan - Mon, 2023-12-04 12:26
One of the key security issues I come across when performing security audits is the proliferation of passwords located on SQL files and OS shell scripts and more. If you get access to the server you can learn a lot....[Read More]

Posted by Pete On 04/12/23 At 01:48 PM

Categories: Security Blogs

SQL Firewall in 23c - UKOUG and Scripts

Pete Finnigan - Mon, 2023-11-27 15:26
I spoke at the UKOUG conference just over a week ago twice and the second of my talks was about the new SQL Firewall in Oracle 23c. This was a walk through of the SQL Firewall and what it does....[Read More]

Posted by Pete On 27/11/23 At 03:18 PM

Categories: Security Blogs

UKOUG 2023 - Using Database Vault in Real Life

Pete Finnigan - Mon, 2023-11-20 18:26
I went down to Reading, UK last week on the train from York and presented at the conference being held at Oracles offices there in Reading. This is a short post to raise that i have posted a pdf of....[Read More]

Posted by Pete On 20/11/23 At 09:44 AM

Categories: Security Blogs

UKOUG Conference 2023 - Reading - Two Oracle Security Talks

Pete Finnigan - Wed, 2023-11-15 10:06
Today the 15th November 2023 is the first day of the UKOUG annual conference this year held in Reading at Oracles office. The event is two days continuing into tomorrow. The event agenda is here . I am going to....[Read More]

Posted by Pete On 15/11/23 At 02:35 PM

Categories: Security Blogs

SQL*Plus Error Logging - SPERRORLOG Table

Pete Finnigan - Tue, 2023-11-07 08:46
In the last post we discussed the "set errorlogging on" SQL*Plus setting and the fact that we can direct errors in SQL to a log table so that errors that are in long running scripts or scripts run blind can....[Read More]

Posted by Pete On 07/11/23 At 11:13 AM

Categories: Security Blogs

Logging Errors in SQL*Plus

Pete Finnigan - Fri, 2023-11-03 14:06
Oracle has improved error messaging in a number of places over the years and we will discuss one of these now in this blog. Oracle added logging errors to a table in Oracle 11.1. This is a useful feature that....[Read More]

Posted by Pete On 03/11/23 At 01:25 PM

Categories: Security Blogs

User Least Privilege in the Oracle Database

Pete Finnigan - Tue, 2023-10-24 16:26
I have just posted my MS PPT slides for the first time to my website for a talk I did at the UKOUG conference in Liverpool in 2018. These slides are available for the talk UserLeast Privilege and I have....[Read More]

Posted by Pete On 24/10/23 At 03:33 PM

Categories: Security Blogs


Subscribe to Oracle FAQ aggregator - Security Blogs