COMMON_USER_CONNECT lockdown profiles feature in Oracle Database 19c
After upgrading some CDBs to 19c, we hit the problem of not being able to connect as common users to the PDBs. In all affected CDBs, lockdown profiles were in place with following definition regarding common user connection part: It worked well in 12c, but…
PostgreSQL’s foreign data wrapper to Oracle: hide passwords using secure external password store
Hi there, customer is worried about the credentials that are stored in PostgreSQL dbwhen using foreign data wrappers. In that case to Oracle, using oracle_fdw.It is possible to query a stored password from data dictionary. Only privileged users can do it, but still kind of…
Statistiken und Grafiken zum Oracle Critical Patch Update April 2021
Beim zweiten Critical Patch Update des Jahres 2021 ist die Gesamtzahl der behobenen Bugs leicht gestiegen: von 329 im Vor-Quartal auf aktuell 390. Da aber auch mehr Produkte betroffen waren liegt die mittlere Anzahl von Patches pro Produkt mit 3,1 nur etwas höher als im…
Oracle Cloud Infrastructure – A short Blog Post about a secure and small Development Setup
For an internal project I had the pleasure to setup a new Oracle Cloud Infrastructure environment for an APEX development team. Here is a short overview about the setup. Requirements VPN Access from everywhere – 2 people are working maximal at same time on the…
Oracle Cloud Infrastructure Data Safe – How to burn down 201.44 Swiss Francs in 30 Seconds…
Is Data Safe really for free? In the last autumn, the new Oracle Cloud Infrastructure feature called Data Safe was released. For sure, new features has to be tested. I have tested the Data Safe feature too and added a cloud database to Data Safe….
PDB_OS_CREDENTIAL and PL/SQL external libraries
In the previous blog post I have described PDB_OS_CREDENTIAL initialization parameter and when it can help you in isolating PDBs from each other. Today I’ll show you an example of how it works with PL/SQL external libraries. Of course we need to setup the whole…
IT-Tage 2020: Privilege Analysis mit der Oracle-Datenbank
Herzlichen Dank allen, die meinem Vortrag auf den IT-Tagen 2020 unter dem Titel „Oracle Security: Von ‚Was hättet ihr denn gerne?‘ zu ‚Was braucht ihr wirklich?’“ über das Feature „Privilege Analysis“ zugehört haben. Den Vortrag gibt es hier zum Download. Nachdem ich 2019 zum ersten…
PDB_OS_CREDENTIAL and external jobs
After introduction of Multitenant option, Oracle provided additional ways to ensure proper isolation between pluggable databases. PDB_OS_CREDENTIAL initialization parameter is part of them. It allows to use specified operating system user while interacting with operating system from a PDB. According to documentation, it is taken…
How to generate DDLs of existing lockdown profiles
In my last blog post I mentioned that I’ll write a new one on how to generate DDLs to recreate existing lockdown profiles – the time has come :). When I had to do it for the first time, I thought it would be as…
Security Best Practice: Oracle passwords, but secure!
Beach view in Brighton at the UKOUG Techfest 2019 Today I held my presentation about Oracle security best practice “Oracle passwords, but secure!” at the virtual UKOUG event. Unfortunately, this year the beautiful view of Brighton beach and the active exchange with colleagues was missing….