Database 11g debut raises Oracle security, patching questions

By Mark Brunelli, News Editor 10 Jul 2007 | SearchOracle.com

Oracle tips, scripts, and expert advice Digg This!     StumbleUpon     Del.icio.us

Oracle has caught a great deal of flack for its patching policies over the last couple of years, mainly for the time it takes to issue fixes.

"I know that Oracle has to spend an inordinate amount of time testing each patch or each bug fix before they release it in a patch," said Brian Peasland, an independent Oracle consultant. "But it seems that some of these bugs have been known for two years or even longer before they get patched, and that's just quite disturbing, actually."

And with all the bugs that tend to come out in the first release of any new software package, many believe that it's a good idea to stay away from Database 11g at least until Release 2 comes out.

More Oracle Database 11g info: Special report: Oracle 11g Oracle expert looks ahead to Database 11g Oracle Database 11g to feature XML enhancements

"I would never implement the first release of a new version of Oracle," said Jack Szczepek, a database administrator (DBA) with Pro Staff, a Minneapolis-based temporary staffing firm that runs several versions of Oracle to back up its Oracle-PeopleSoft applications. "It's almost like how you don't want to ever buy a [new car model] the first year it comes out because they don't have all the engineering bugs worked out. I really honestly believe that's the same thing with the Oracle software."

Szczepek said he'd also wait on Database 11g because in his experience, Oracle seems to end support for first versions a little too quickly.

"It happened with 9i Release 1 and it happened with 10g Release 1. They only tend to stay out for about six months to a year and then [Oracle releases] Release 2 and de-supports the first release," he explained. "Now you're trapped into a whole different upgrade cycle. Even though it's Release 1 to Release 2, you're still doing an upgrade."

When the time finally comes to move to Database 11g, Szczepek said one thing he's looking forward to is the system's hot patching capabilities, which allow users to install patches without downtime.

"Planning for downtime is always difficult," he said. "Leaving everything up would make things easier for us."

On the security front, Database 11g will also offer case-sensitive passwords and an audit vault designed to protect companies from insider threats, according to Oracle. Oracle's new flagship will also offer support for parallel upgrades. In addition, the system will include Oracle's Flashback technology, which speeds up the process of recovering from database outages.

Noel Yuhanna, a database analyst with Cambridge, Mass.-based Forrester Research Inc., said that in general, Oracle has been striving to make security improvements of late. But, he added, there's still work to be done.

"Security is an area which needs more attention," Yuhanna said. "The fact is that database technology is not intelligent enough to differentiate a hacker from a user. I think those types of features need to be further explored."

Tags: Oracle database security,  Oracle database design and architecture,  Oracle database installation, upgrades and patches,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Oracle database security How to use the CREATE SESSION command to track Oracle database logins How to troubleshoot Oracle critical patch updates using OPatch Can I automate Oracle patching when installing Oracle Standard Edition? Is it possible to automate Oracle CPUs for a DoD project? Three steps to help improve Oracle database security Tips for auditing and securing database backups in Oracle How to prevent a SQL injection attack in Oracle Forrester outlines database security trends in 2009 Oracle extends Audit Vault third-party database compatibility Oracle New Year's resolutions, part 1: Advice for navigating 2009 Oracle database design and architecture Can I download DBCA for Oracle Express Edition? How to recreate an Oracle index in a new schema with the CREATE command Using Oracle Universal Installer to install Oracle with Pro*C Defining Oracle database repository vs. information repository Can I create multiple schemas in Oracle for one user? ORA-12514 error when connecting to the Oracle database through Toad Solving the ORA-00904 error: invalid identifier in Oracle How to tune SQL UPDATE statements for an Oracle 10g upgrade Will queries run slower in a smaller Oracle buffer cache? Using a database link to connect two Oracle apps instances Oracle database installation, upgrades and patches Oracle New Year's resolutions, part 2: GRC tips and customer resolutions revealed Oracle New Year's resolutions, part 1: Advice for navigating 2009 Oracle's Top 8 stories of 2008 Intermap details its Oracle database 11g upgrade Oracle OpenWorld 2008 Special Report Oracle extends Real Application Testing to 10g, 9i Third-party Oracle database tools remain an attractive option Enterprise search a key component of Oracle portal project Oracle Enterprise Manager leverages multiple environments for pharmaceutical giant Oracle 11g upgrade veteran offers step-by-step advice

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary E. F. Codd  (SearchOracle.com) extent  (SearchOracle.com) flexfield  (SearchOracle.com) foreign key  (SearchOracle.com) multidimensional database  (SearchOracle.com) object-oriented database management system  (SearchOracle.com) quad tree  (SearchOracle.com) relational online analytical processing  (SearchOracle.com) row  (SearchOracle.com) splay tree  (SearchOracle.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary