Lockdown profiles definition – NUL character
Playing more with lockdown profiles, I have discovered another interesting bit. For some entries and some columns of CDB/DBA_LOCKDOWN_PROFILES views (which are based on LOCKDOWN_PROF$ table), there is unnecessary NUL (ASCII code 0) character added at the end. In our environment it was the case…
Lockdown profiles definition inconsistencies
While working recently on lockdown profiles in 12.2 database with January 2020 Release Update installed, together with my colleague Loïc Fave, we have discovered some inconsistencies in how the information about already defined lockdown profiles is stored and used to enforce the rules. Loïc has…
Oracle Security EUS Snippets – Setup Proxy User Privileges
Since I’m always short of time for a longer blog post, I’ll just try a short one. Intended as a mini-series, I will show different configuration examples for Oracle Enterprise User Security. Today I’ll start with the configuration of EUS based proxy privileges. The environment…
Let’s IPSec VPN – How to connect your Unifi Security Gateway to Oracle Cloud Infrastructure
When I connect from home to the Oracle Cloud Infrastructure normally I used a Bastion Host, an Open VPN compute instance or Public IPs. Some of the cool stuff like MV2OCI (which transfers data from on-premises to OCI) or integration of an ADB instance in…
Oracle Cloud Infrastructure – Security first: Cloud Guard and Security Zones – a first View
Two new Oracle Cloud Infrastructure Cloud Security Services Good news: Oracle has provided two new services for cloud security. Cloud Guard to get an overview of existing possible security breaches and Security Zones, which allows to create a full restricted…Read more
Trivadis LAB: Simple Vagrant Setup of Windows AD Server
One of my biggest problems when I started to look into Kerberos Authentication, Oracle Centrally Managed Users as well Oracle Enterprise User Security was the availability of an Active Directory to setup test cases. It is usually not the core business of an Oracle DBA…
Kerberos Troubleshooting – A few approaches
It is way too long ago since my last blog post. These were or are busy weeks for me. Any way, I finally found some time to start writing a blog post about a special setup for kerberos authentication of Oracle databases. It is about…
Oracle CPU / PSU Advisory July 2019
Recently, just in the middle of the summer holidays, Oracle has released the third Critical Patch Advisory for its products. It seems there’s a lot of work going on in Redwood Shore. Oracle has fixed about 319 security vulnerabilities across their products. The Oracle database…
Oracle CPU / PSU Advisory July 2019
Recently, just in the middle of the summer holidays, Oracle has released the third Critical Patch Advisory for its products. It seems there’s a lot of work going on in Redwood Shore. Oracle has fixed about 319 security vulnerabilities across their products. The Oracle database…
PDB_OS_CREDENTIAL with external table pre-processor
As part of a customer project I am currently enhancing PDB security and isolation. Since OS interaction is necessary, I can not just use lockdown profile to block OS access. The idea is to isolate the PDB with lockdown profiles and allow dedicated OS access….
Social Media @trivadis