Monday, May 26th, 2008

So, you think you’ve removed that sensitive data

I had an interesting conversation with Alexander Kornbrust yesterday about cloning databases. Most DBAs I know copy database files from production to create staging, integration and test environments. Those environments contain a lot of sensitive information (PII, CC, etc.) which is usually either deleted, scrambled or truncated. The problem with these solutions is that most [...]

3 Comments » - Posted in DBA, Oracle, insider threat, security, technical tips by Slavik

Sunday, March 16th, 2008

Presenting at the UKOUG DBMS SIG this week

I’ll be presenting on Oracle database hacking and security at the UKOUG DBMS Special Interest Group meeting this week. The meeting will take place on Thursday, 20th March 2008 in Baylis House, Slough (UK, obviously). Here’s the link for the agenda and details: http://www.ukoug.org/calendar/show_event.jsp?id=3358
Hope to see some of you there - come and say hello…

No Comments » - Posted in OUG, Oracle by Slavik

Thursday, January 17th, 2008

Most DBAs do not apply security patches

In a recent survey we conducted, it turned out that DBAs are mostly ignoring security patches. Two-thirds of the DBAs have never applied a CPU and only about 10% of them are applying CPUs in a timely fashion. After releasing the survey, we had some interesting responses in online publications [...]

2 Comments » - Posted in Oracle, security by Slavik

Wednesday, November 28th, 2007

Impressions from Oracle OpenWorld 2007

Oracle OpenWorld came and went. I had some interesting sessions which I’ll summarize shortly, some less interesting sessions, lots of beer and a great concert by Billy Joel and Lenny Kravitz. I arrived in SF on Friday night from Philadelphia (after being selected again at the airport for “random” inspection). I had several interesting meetings [...]

No Comments » - Posted in Oracle by Slavik

Saturday, November 17th, 2007

Propagating Middle-Tier and Application Users to the DBMS (Part 3 of 3)

Well, finally I’m writing the third part of the blog. The thing that pushed me to finish this was a talk I had with Tim Hall of Oracle-base fame after his Unconference presentation in Oracle OpenWorld. Tim told me that his Java developers are claiming that adding user context information in an already existing application [...]

No Comments » - Posted in Java, Oracle, security, technical tips by Slavik

Wednesday, August 22nd, 2007

Oracle CPUs - Do We Care?

I promised to blog a bit about my traveling, so here I go:
I was visiting customers in India and the US and giving presentations to Oracle user groups in the US. Amazingly, the state of US airports is just getting worse every month. Flying from Israel to India and from India to NY went without [...]

6 Comments » - Posted in DBA, Oracle, compliance, patching by Slavik

Sunday, June 17th, 2007

Hedgehog: New Database Security Solution

This is a personal as well as a commercial posting for me… Tomorrow is a special day in the short history of my company - after long months of R&D, we are finally releasing our product, named Hedgehog (there’s already some coverage in Dark Reading). These are very exciting times both for me personally and [...]

3 Comments » - Posted in Oracle, monitoring, security by Slavik

Sunday, June 10th, 2007

Propagating Middle-Tier and Application Users to the DBMS (Part 2 of 3)

As promised, this is the second of a three-part blog entry discussing the propagation of middle-tier users to the database. This post will mainly concentrate on the Java side of things. I will show how to use the Spring Framework’s excellent transactional support using AOP to add an additional advice, relying on ThreadLocal to pass application [...]

6 Comments » - Posted in Oracle, Uncategorized, technical tips, user identity by Slavik

Tuesday, May 22nd, 2007

Propagating Middle-Tier and Application Users to the DBMS (Part 1 of 3)

Well, I threatened to post something more technical, and here we are. I’ve just come back from a business trip to the US, meeting some prospects and customers. As always, I was asked a lot of technical questions. One of the frequent questions I encounter is - how can we propagate the application user and [...]

3 Comments » - Posted in Oracle, technical tips, user identity by Slavik