Musings on Database Security

Slavik’s Blog

Archive for June, 2007

Sunday, June 17th, 2007

Hedgehog: New Database Security Solution

This is a personal as well as a commercial posting for me… Tomorrow is a special day in the short history of my company - after long months of R&D, we are finally releasing our product, named Hedgehog (there’s already some coverage in Dark Reading). These are very exciting times both for me personally and [...]

3 Comments » - Posted in Oracle, monitoring, security by Slavik

---

Sunday, June 10th, 2007

Propagating Middle-Tier and Application Users to the DBMS (Part 2 of 3)

As promised, this is the second of a three part blog entry discussing the propagation of middle-tier users to the database. This post will mainly concentrate on the Java side of things. I will show how to use Spring-framework’s excellent transactional support using AOP to add an additional advice, relying on ThreadLocal to pass application [...]

6 Comments » - Posted in Oracle, Uncategorized, technical tips, user identity by Slavik

---

Friday, June 8th, 2007

Chronicle of a Breach Foretold

About a month ago I posted about breaches at educational institutions, and suggested that rectifying the problem could start by simply not hoarding PII (personally identifiable information) unnecessarily.
Today I read about this breach at Northwestern University (not the first data breach for them) where social security numbers of 4,000 individuals may have been compromised, including [...]

1 Comment » - Posted in breach, privacy, universities by Slavik

---

• Tags

  bind_variables breach breach-notification compliance conference database-monitoring database-security database_security DBA educational_institutions hedgehog hipaa insider threat insider_threat intrusion monitoring MS SQL Server off-topic Oracle oracle_database_security oracle_security patching PCI Personal personally_identifiable_information pii presentation privacy regulatory-compliance sarbanes-oxley sb1386 security segregation_of_duties social_security_numbers SQL injection sql_injection technical technical tips TJX ukoug universities user identity visa vulnerability webcast

• Categories

  • breach
  • compliance
  • credit cards
  • DBA
  • encryption
  • insider threat
  • Java
  • monitoring
  • MS SQL Server
  • Oracle
  • OUG
  • patching
  • PCI
  • Personal
  • privacy
  • sb1386
  • security
  • SQL injection
  • technical tips
  • TJX
  • Uncategorized
  • universities
  • user identity

• Blogroll

  • Educational Security Incidents (ESI)
  • Julian Dyke
  • Oracle Chemist
  • Pete Finnigan’s Oracle security weblog
  • Peter Swire
  • Phat4Oracle
  • Security Incite
  • Securosis
  • Sentrigo
  • Tanel Poder

• Meta

  • Register
  • Log in
  • Entries RSS
  • Comments RSS
  • WordPress.org

•  

  June 2007

  M	T	W	T	F	S	S
  « May				Jul »
  				1	2	3
  4	5	6	7	8	9	10
  11	12	13	14	15	16	17
  18	19	20	21	22	23	24
  25	26	27	28	29	30

Musings on Database Security is powered by WordPress 2.5.1 and delivered to you in 0.652 seconds using 19 queries.
Theme: Connections Reloaded v1.5 by Ajay D'Souza. Derived from Connections.