
Oracle security guru Peter Finnigan on the problem with PL/SQL

By Mark Brunelli, News Editor
07 Sep 2006 | SearchOracle.com


The protective wrapping around the programming language used to write procedures and commands in the Oracle Corp. database -- PL/SQL -- isn't as ironclad as some might expect, says Pete Finnigan, a well-known Oracle database security guru and blogger. In fact, says Finnigan, who also serves as principal consultant and head of database security with Siemens Insight, it can be unraveled to give hackers access to sensitive data. In this SearchOracle.com podcast interview, Finnigan explains the exact nature of this problem and tells DBAs what they can do to protect their systems.

  Program highlights: 

  • (00:38) Can you give us a brief overview of the nature of this PL/SQL security problem as you see it?

  • (03:42) It sounds like a design problem rather than something that can be easily patched. Is this true?

  • (04:57) What is the worst case scenario that could result from these problems?

  • (06:20) Have you seen examples of folks exploiting these problems?

  • (09:18) Oracle's quarterly critical patch updates have been the subject of much criticism of late. What exactly is the problem here and what do you think the company needs to do to fix it?

  • (12:00) Oracle has had a reputation for solid security in the past. Is this still true today?

  • (13:45) What are some of the biggest security problems facing Oracle DBAs today, and what problems do you see on the horizon?

      Program Links: 

  • Oracle expert warns of weakness in PL/SQL: A well-known Oracle bug hunter says the wrapping mechanism used for PL/SQL -- the flagship language used in Oracle databases -- can be unraveled, exposing sensitive data.

  • Spotlight on Oracle security: A new one stop shop for Oracle security information.

  • Mr. Know-IT-All's Oracle Security Challenge: Let's find out how much you really know about Oracle security.


