Security Blogs

Oracle Security - Hidden Grant When Create a Role and Revoke in a CDB

Pete Finnigan - Tue, 2022-06-07 18:26
I am keen to reduce grants made in any customers database. One area we can focus on is this curios state of affairs that the creator of a role in the Oracle database is also granted that role as part....[Read More]

Posted by Pete On 07/06/22 At 10:31 AM

Categories: Security Blogs

Adaptive Database Auditing and Security

Pete Finnigan - Wed, 2022-05-25 19:06
We are working with customers to design security for their Oracle databases and also to help and design audit trails. An audit trail is the easiest countermeasure or control that can be added to a database because if you do....[Read More]

Posted by Pete On 25/05/22 At 07:38 PM

Categories: Security Blogs

The challenges of securing data in an Oracle database

Pete Finnigan - Wed, 2022-05-11 07:06
I will be doing a talk at an even in Eight Members Club Bank, 1 Change Alley, London,EC3V 3ND on the 14th June 2022. The event runs from 8am to 10am. The event is free to attend and to register....[Read More]

Posted by Pete On 11/05/22 At 10:04 AM

Categories: Security Blogs

Add License Checks Anywhere in your PL/SQL

Pete Finnigan - Thu, 2022-03-31 01:46
Our product PFCLObfuscate allows dynamic obfuscation of PL/SQL. The original use of this in the product was to add licensing automatically to PL/SQL. This is similar to products that protect binaries such as C programs or DLLs. It is common....[Read More]

Posted by PFCLObfuscate On 30/03/22 At 05:31 PM

Categories: Security Blogs

Software from Building Blocks - Fast Development - One Month Projects

Pete Finnigan - Tue, 2022-03-22 16:26
More than 20 years ago I was working away from home and was in a loud restaurant / bar in London and chatting to colleagues there and we were all talking about ways to make money and ideas. I proposed....[Read More]

Posted by Pete On 22/03/22 At 06:33 PM

Categories: Security Blogs

Make Pete Finnigan a remote expert part of your team

Pete Finnigan - Thu, 2022-03-10 10:06
Over the last few years I have personally been asked many times to come and work full time in large companies to head up or direct their Oracle security efforts or more general database security efforts. Others ask us to....[Read More]

Posted by Pete On 10/03/22 At 01:40 PM

Categories: Security Blogs

Do we Need to Revoke PUBLIC from a User?

Pete Finnigan - Wed, 2022-03-02 18:46
I was having a discussion a couple of weeks ago with a friend and he said that in the company he is working at the Oracle database security standard / guide that they are working to told them that they....[Read More]

Posted by Pete On 02/03/22 At 02:37 PM

Categories: Security Blogs

Strong Passwords with Oracle Wallets

Pete Finnigan - Wed, 2022-02-23 22:06
I get involved a lot in recent years with Oracle SSL, TLS, TCPS, Kerberos and more. A lot more customers now are trying to use stronger database authentication as well as TLS/SSL encryption and many other features such as full....[Read More]

Posted by Pete On 23/02/22 At 02:01 PM

Categories: Security Blogs

How I Write an Oracle Security Training Course

Pete Finnigan - Tue, 2022-02-15 12:26
I mentioned a couple of weeks ago on Social media and also briefly in a blog post here that I am writing a new two day class "Oracle Database Vault Deep Dive". That is the working name at the moment....[Read More]

Posted by Pete On 15/02/22 At 11:17 AM

Categories: Security Blogs

Happy 19th Birthday PeteFinnigan.com Limited

Pete Finnigan - Sat, 2022-02-12 11:06
Just a short blog to wish my company PeteFinnigan.com Limited a happy 19th birthday. 19 years ago today, the 12th February 2003: I registered and launched the company 19 years ago to specialise in all things Oracle security. We focus....[Read More]

Posted by Pete On 12/02/22 At 09:50 AM

Categories: Security Blogs

Pete, Did You Deliver The Wrong Product?

Pete Finnigan - Thu, 2022-02-10 22:26
We sell a number of software products aimed at helping secure data in an Oracle database and we get this issue / point / question coming up from time to time. Yesterday morning I got an email from a customer....[Read More]

Posted by PFCLScan On 10/02/22 At 02:21 PM

Categories: Security Blogs

How do we Train Staff to do Oracle Security?

Pete Finnigan - Tue, 2022-02-08 15:26
I am asked this question comes up a lot and indeed this morning on a webex it came up again so I decided to discuss this question here. I started in this Oracle Security space a very long time ago....[Read More]

Posted by Pete On 08/02/22 At 02:21 PM

Categories: Security Blogs

Looking Forwards To 2022!!

Pete Finnigan - Fri, 2022-02-04 01:26
NOTE: I wrote this post back in January and then just after posting it the web server crashed. So, I guess a small number of people may have seen it before. It is essentially the same post now except for....[Read More]

Posted by Pete On 03/02/22 At 02:13 PM

Categories: Security Blogs

Log4j Vulnerabilities Impact On Oracle E-Business Suite - Updated Information

Multiple significant security vulnerabilities (CVE-2021-44228, CVE-2021-45046, and CVE-2021-4104) have been disclosed and patched in the popular Java logging library Apache Log4j.  This library is installed in Oracle E-Business Suite (EBS) environments and these vulnerabilities may be exploitable in your environment depending on Oracle EBS version, Oracle EBS patches applied, and customizations or third-party products.

On December 15th, Oracle has changed the remediation with the disclosure of the most recent Log4j security vulnerability (CVE-2021-45046) as the initial recommended fix was not complete.

Integrigy has completed a detailed analysis on the impact of these Log4j security vulnerabilities on Oracle E-Business Suite and you can access this analysis here -

Integrigy Log4j Vulnerabilities Impact on Oracle E-Business Suite Analysis

Integrigy's products AppDefend and AppSentry does not use the Log4j library, therefore, are not vulnerable to this security bug.

Please let us know if you have any questions regarding this security vulnerability at info@integrigy.com.

Vulnerability, Oracle E-Business Suite
Categories: APPS Blogs, Security Blogs

Joel Kalllman Day

Pete Finnigan - Wed, 2021-10-13 08:06
I saw a few tweets yesterday about Joel Kallman and liked a few and shared one (maybe two) and then I saw Tim Halls post that talked about Joel Kallman day. I decided to do a quick blog now to....[Read More]

Posted by Pete On 13/10/21 At 12:02 PM

Categories: Security Blogs

Designing Good Audit Trails for an Oracle Database

Pete Finnigan - Thu, 2021-09-23 11:46
I have been asked to speak at the UKOUG Autumn Tech event. This is an online conference event and the agenda grid is live and I will speak at 15:00 to 15:45 BUT the link to the details of my....[Read More]

Posted by Pete On 23/09/21 At 09:58 AM

Categories: Security Blogs

Happy 17th Birthday to this Oracle Security Blog

Pete Finnigan - Thu, 2021-09-16 14:46
It is almost 17 years since I started this blog on the 20th of September 2004. I had actually already been sort of blogging without blog software before that since 10th February 2004 with my ramblings section of my website....[Read More]

Posted by Pete On 16/09/21 At 11:24 AM

Categories: Security Blogs

Register for a Free Webinar with PFCLForensics for Breached Oracle Databases

Pete Finnigan - Tue, 2021-09-14 07:46
I will be giving a free webinar hosted with our reseller/distributer in Slovenia and the Balkans region - Palsit . The free webinar is at 09:00 UK time or 10:00 CET time on the 22nd September 2021. In this webinar....[Read More]

Posted by Pete On 14/09/21 At 01:28 PM

Categories: Security Blogs

PFCLForensics is released a tool for forensic analysis of a breached database

Pete Finnigan - Thu, 2021-09-09 17:46
We have had a very busy year despite the Covid pandemic. I personally managed to catch covid last January and was very unwell for weeks with coviid and then many many weeks recovering after that. Then I managed to get....[Read More]

Posted by Pete On 09/09/21 At 01:53 PM

Categories: Security Blogs

Should We Security Patch Oracle Databases?

Pete Finnigan - Mon, 2021-07-12 22:46
Spoiler: Of course! Security patching of Oracle databases can be a touchy and complex subject for some companies. It is perceived to be complex; companies don’t want the downtime; business is worried that a security patch can break the applications....[Read More]

Posted by Pete On 12/07/21 At 03:33 PM

Categories: Security Blogs

Pages

Subscribe to Oracle FAQ aggregator - Security Blogs