News Stay informed about the latest enterprise technology news and product updates.

Database 11g debut raises Oracle security, patching questions

Oracle Database 11g hits the streets tomorrow, leaving some to wonder if security improvements will come along with it.

Database 11g, the first major overhaul of Oracle's flagship database management system in about four years, is set to make its official debut tomorrow, leaving some IT industry experts and Oracle users wondering if Oracle security and patching improvements will come along with it.

Oracle has caught a great deal of flack for its patching policies over the last couple of years, mainly for the time it takes to issue fixes.

"I know that Oracle has to spend an inordinate amount of time testing each patch or each bug fix before they release it in a patch," said Brian Peasland, an independent Oracle consultant. "But it seems that some of these bugs have been known for two years or even longer before they get patched, and that's just quite disturbing, actually."

And with all the bugs that tend to come out in the first release of any new software package, many believe that it's a good idea to stay away from Database 11g at least until Release 2 comes out.

More Oracle Database 11g info:

Special report: Oracle 11g

Oracle expert looks ahead to Database 11g

Oracle Database 11g to feature XML enhancements

"I would never implement the first release of a new version of Oracle," said Jack Szczepek, a database administrator (DBA) with Pro Staff, a Minneapolis-based temporary staffing firm that runs several versions of Oracle to back up its Oracle-PeopleSoft applications. "It's almost like how you don't want to ever buy a [new car model] the first year it comes out because they don't have all the engineering bugs worked out. I really honestly believe that's the same thing with the Oracle software."

Szczepek said he'd also wait on Database 11g because in his experience, Oracle seems to end support for first versions a little too quickly.

"It happened with 9i Release 1 and it happened with 10g Release 1. They only tend to stay out for about six months to a year and then [Oracle releases] Release 2 and de-supports the first release," he explained. "Now you're trapped into a whole different upgrade cycle. Even though it's Release 1 to Release 2, you're still doing an upgrade."

When the time finally comes to move to Database 11g, Szczepek said one thing he's looking forward to is the system's hot patching capabilities, which allow users to install patches without downtime.

"Planning for downtime is always difficult," he said. "Leaving everything up would make things easier for us."

On the security front, Database 11g will also offer case-sensitive passwords and an audit vault designed to protect companies from insider threats, according to Oracle. Oracle's new flagship will also offer support for parallel upgrades. In addition, the system will include Oracle's Flashback technology, which speeds up the process of recovering from database outages.

Noel Yuhanna, a database analyst with Cambridge, Mass.-based Forrester Research Inc., said that in general, Oracle has been striving to make security improvements of late. But, he added, there's still work to be done.

"Security is an area which needs more attention," Yuhanna said. "The fact is that database technology is not intelligent enough to differentiate a hacker from a user. I think those types of features need to be further explored."

Dig Deeper on Oracle database design and architecture

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.