
Oracle security guru Peter Finnigan on the problem with PL/SQL

By Mark Brunelli, News Editor
07 Sep 2006 | SearchOracle.com


The protective wrapping around the programming language used to write procedures and commands in the Oracle Corp. database -- PL/SQL -- isn't as ironclad as some might expect, says Pete Finnigan, a well-known Oracle database security guru and blogger. In fact, says Finnigan, who also serves as principal consultant and head of database security with Siemens Insight, it can be unraveled to give hackers access to sensitive data. In this SearchOracle.com podcast interview, Finnigan explains the exact nature of this problem and tells DBAs what they can do to protect their systems.


  Program highlights: 

  • (00:38) Can you give us a brief overview of the nature of this PL/SQL security problem as you see it?

  • (03:42) It sounds like a design problem rather than something that can be easily patched. Is this true?

  • (04:57) What is the worst case scenario that could result from these problems?

  • (06:20) Have you seen examples of folks exploiting these problems?

  • (09:18) Oracle's quarterly critical patch updates have been the subject of much criticism of late. What exactly is the problem here and what do you think the company needs to do to fix it?

  • (12:00) Oracle has had a reputation for solid security in the past. Is this still true today?

  • (13:45) What are some of the biggest security problems facing Oracle DBAs today, and what problems do you see on the horizon?

  Program Links:

  • Oracle expert warns of weakness in PL/SQL: A well-known Oracle bug hunter says the wrapping mechanism used for PL/SQL -- the flagship language used in Oracle databases -- can be unraveled, exposing sensitive data.

  • Spotlight on Oracle security: A new one stop shop for Oracle security information.

  • Mr. Know-IT-All's Oracle Security Challenge: Let's find out how much you really know about Oracle security.


