Security

connor_mc_d's picture

Quick tip–database link passwords

If you are relying on database links in your application, think carefully about how you want to manage the accounts that you connect with, in particular, when it comes to password expiry.

With a standard connect request to the database, if your password is going to expire soon, you will get some feedback on this:



SQL> conn demo/demo@np12
ERROR:
ORA-28002: the password will expire within 6 days


Connected.


But when using those same credentials via a database link, you will not get any warning, so when that password expires…you might be dead in the water.

Uwe Hesse's picture

orapwd gives OPW-00029 Password complexity failed in #Oracle 12.2


fritshoogland's picture

A performance deep dive into column encryption

Actually, this is a follow-up post from my performance deep dive into tablespace encryption. After having investigated how tablespace encryption works, this blogpost is looking at the other encryption option, column encryption. A conclusion that can be shared upfront is that although they basically perform the same function, the implementation and performance consequences are quite different.

fritshoogland's picture

Oracle database 12.1.0.2.170117 (January 2017 PSU) and TDE wallets

Recently, I was trying to set up TDE. Doing that I found out the Oracle provided documentation isn’t overly clear, and there is a way to do it in pre-Oracle 12, which is done using ‘alter system’ commands, and a new-ish way to do it in Oracle 12, using ‘administer key management’ commands. I am using version 12.1.0.2.170117, so decided to use the ‘administer key management’ commands. This blogpost is about an exception which I see is encountered in the January 2017 (170117) PSU of the Oracle database, which is NOT happening in Oracle 12.2 (no PSUs for Oracle 12.2 at the time of writing) and Oracle 12.1.0.2 April 2016 and October 2016 PSUs.

In order to test the wallet functionality for TDE, I used the following commands:

connor_mc_d's picture

Better to be safe than sorry…

I’ve always been worried about taking a script that is fine to run in my non-production environments (in particular a DROP script) and accidentally running it in a Production environment, shortly followed by the typing up of a fresh resume to look for a new job once the mistake is discovered.

pete.sharman's picture

Building a Hyper-V Environment for SharePoint Prototype – Part 3

In my previous post, I covered the installation of SQL Server 2016 SP1 for our Hyper-V environment. After that is completed, we are ready to install SharePoint Server 2016. That’s what I’ll be covering here. Firstly, you need to download a copy of the software. At the time of writing this post, SharePoint Server 2016 is available from Microsoft. That’s the version I’ve downloaded for installation on the VM.

Installing the Prerequisites

To start the installation, double click on the “officeserver.img” file that you downloaded:

pete.sharman's picture

Trusted Information Sharing – ABAC Architecture

In my previous post, I introduced you to the two concepts of Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). ABAC resolves a number of the limitations associated with RBAC, as I discussed in that post. In this post, I wanted to drill into the architecture underlying ABAC a little bit more.

In simple terms, there are four main parts of the ABAC architecture. These are:

pete.sharman's picture

Trusted Information Sharing – Some Underlying Concepts

In a recent post, I explained a little bit about what my new role at archTIS is. archTIS is a company that focuses on the area of Trusted Information Sharing. Trusted Information Sharing is a concept that not too many people would understand the complexities of. In fact, when I first started in my new role I wasn’t aware of just how complex it was myself! To explain all that complexity in a single post would make for an incredibly long post, so what I’m going to do is explain it in a series of blog posts. Doing so will help you (the reader) understand this more readily, and assist me in checking my level of understanding as well. So let’s start off at the very basic level of some of the underlying concepts of Trusted Information Sharing (hereafter referred to as TIS) and why we need to have it.

fritshoogland's picture

A technical security analysis of the snmp daemon on Exadata

Recently I was asked to analyse the security impact of the snmp daemon on a recent Exadata. This system was running Exadata image version 12.1.2.1.3. This blog article gives you an overview of a lot of the things that surround snmp and security.

First of all, what packages are installed that do something with snmp? A list can be obtained the following way:

# rpm -qa | grep snmp
net-snmp-utils-5.5-54.0.1.el6_7.1.x86_64
net-snmp-libs-5.5-54.0.1.el6_7.1.x86_64
net-snmp-5.5-54.0.1.el6_7.1.x86_64
sas_snmp-14.02-0103.x86_64

Essentially the usual net-snmp packages and a package called ‘sas_snmp’.

The next important thing is how the firewall is configured. However, the default setting of the firewall on the compute nodes with Exadata is that the firewall is turned off:

Uwe Hesse's picture

How to safeguard against malicious developers in #Oracle 12c

AUTHID_CURRENT_USER can be misused by developers. The new object privilege INHERIT PRIVILEGES ON was introduced in 12c to prevent that. I start with a demo to explain the problem that the new feature solves. The playground:
