Free PDF Manual Guide

User Manuals – Owners Manual – User Guide

Entries for the ‘Security’ Category

Securing PL/SQL Applications with DBMS_ASSERT

Over the past few years Oracle has fixed a large number of PL/SQL injection vulnerabilities in their database server product. The vulnerability arises due to procedures and functions accepting user input and performing no validation on it before passing off to be executed in an SQL query. By carefully crafting their input an attacker can [...]


Lateral SQL Injection: A New Class of Vulnerability in Oracle

How can an attacker exploit a PL/SQL procedure that doesn’t even take user input? Or how does one do SQL injection using DATE or even NUMBER data types? In the past this has not been possible but as this paper will demonstrate, with a little bit of trickery, you can in the Oracle RDBMS. Consider [...]


Oracle Database Security Checklist

For several major releases of the database, the Oracle documentation has provided a security checklist for customers to follow to help secure Oracle database environments. Since Oracle9i, Oracle has been working with customers to better understand their desired default configurations and harden the Oracle environment. Oracle Database 10g Release 1 Enterprise Manager (EM) Configuration pack [...]


Unraveling the Sweater Oracle Database Security (Part 1)

Some of the most experienced database administrators in the world leave their systems open to casual hacking. Hackers aren’t only lonely 13 year olds with bad skin – they could be a co-worker just trying to get his/her job done without getting tangled up in the bureaucratic red tape of change management or data security. [...]


Unbreakable: Oracle’s Commitment to Security

Beginning in November 2001, Oracle began a marketing campaign: Unbreakable.
The security portions of the campaign reference Oracle’s 14 independent security evaluations (described below in What is Information Assurance?). Such a bold statement raises a number of questions:
• How can anyone claim to be Unbreakable? Security professionals often say that security is a process, not a [...]


Unresolved Technical Concerns In DIS 29500 (OOXML)

This document details a number of current, unresolved, technical concerns with DIS 29500 (OOXML) that persist in the specification even after the Ballot Resolution Meeting (BRM) in Geneva during the week of February 25th, 2008. While this is not an exhaustive list of outstanding concerns, the following highlight the unsuitability of DIS 29500 for Fast [...]


Protecting Oracle Databases

One of the more recent evolutions in network security has been the movement away from protecting the perimeter of the network to protecting data at the source. This is evident in the emergence of the personal firewall. The reason behind this change has been that perimeter security no longer works in today’s environment. Today more [...]


Oracle Database Listener Security Guide

The Oracle Database Listener is the database server software component that manages the network traffic between the Oracle Database and the client. The Oracle Database Listener listens on a specific network port (default 1521) and forwards network connections to the Database. The Listener is comprised of two binaries: (1) tnslsnr which is the Listener itself [...]

