The protective wrapping around the programming language used to write procedures and commands in the Oracle Corp. database -- PL/SQL -- isn't as ironclad as some
might expect, says Pete Finnigan, a well known Oracle database security guru and blogger. In fact, says Finnigan, who also serves as principal consultant and head of database security with Siemens Insight, it can be unraveled to give hackers access to sensitive data. In this SearchOracle.com podcast interview, Finnigan explains the exact nature of this problem and tells DBAs what they can do to protect their systems.
|Oracle security guru Peter Finnigan on the problem with PL/SQL|
the PL/SQL security podcast here: During the interview, Finnigan also offers tips for
Oracle DBAs who want to improve their careers by becoming Oracle security gurus in their own
- (00:38) Can you give us a brief overview of the nature of this PL/SQL security problem as you
- (03:42) It sounds like a design problem rather than something that can be easily patched. Is
- (04:57) What is the worst case scenario that could result from these problems?
- (06:20) Have you seen examples of folks exploiting these problems?
- (09:18) Oracle's quarterly critical patch updates have been the subject of much criticism of
late. What exactly is the problem here and what do you think the company needs to do to fix it?
- (12:00) Oracle has had a reputation for solid security in the past. Is this still true today?
- (13:45) What are some of the biggest security problems facing Oracle DBAs today, and what
problems do you see on the horizon?
expert warns of weakness in PL/SQL: A well-known Oracle bug hunter says the wrapping
mechanism used for PL/SQL -- the flagship language used in Oracle databases -- can be unraveled,
exposing sensitive data.
on Oracle security: A new one stop shop for Oracle security information.
Know-IT-All's Oracle Security Challenge: Let's find out how much you really know about