Oracle Cloud Infrastructure – A short Blog Post about a secure and small Development Setup
For an internal project I had the pleasure to setup a new Oracle Cloud Infrastructure environment for an APEX development team. Here is a short overview about the setup. Requirements VPN Access from everywhere – 2 people are working maximal at same time on the…
Oracle Cloud Infrastructure Data Safe – How to burn down 201.44 Swiss Francs in 30 Seconds…
Is Data Safe really for free? In the last autumn, the new Oracle Cloud Infrastructure feature called Data Safe was released. For sure, new features has to be tested. I have tested the Data Safe feature too and added a cloud database to Data Safe….
PDB_OS_CREDENTIAL and PL/SQL external libraries
In the previous blog post I have described PDB_OS_CREDENTIAL initialization parameter and when it can help you in isolating PDBs from each other. Today I’ll show you an example of how it works with PL/SQL external libraries. Of course we need to setup the whole…
IT-Tage 2020: Privilege Analysis mit der Oracle-Datenbank
Herzlichen Dank allen, die meinem Vortrag auf den IT-Tagen 2020 unter dem Titel „Oracle Security: Von ‚Was hättet ihr denn gerne?‘ zu ‚Was braucht ihr wirklich?’“ über das Feature „Privilege Analysis“ zugehört haben. Den Vortrag gibt es hier zum Download. Nachdem ich 2019 zum ersten…
PDB_OS_CREDENTIAL and external jobs
After introduction of Multitenant option, Oracle provided additional ways to ensure proper isolation between pluggable databases. PDB_OS_CREDENTIAL initialization parameter is part of them. It allows to use specified operating system user while interacting with operating system from a PDB. According to documentation, it is taken…
How to generate DDLs of existing lockdown profiles
In my last blog post I mentioned that I’ll write a new one on how to generate DDLs to recreate existing lockdown profiles – the time has come :). When I had to do it for the first time, I thought it would be as…
Security Best Practice: Oracle passwords, but secure!
Beach view in Brighton at the UKOUG Techfest 2019 Today I held my presentation about Oracle security best practice “Oracle passwords, but secure!” at the virtual UKOUG event. Unfortunately, this year the beautiful view of Brighton beach and the active exchange with colleagues was missing….
Lockdown profiles definition – NUL character
Playing more with lockdown profiles, I have discovered another interesting bit. For some entries and some columns of CDB/DBA_LOCKDOWN_PROFILES views (which are based on LOCKDOWN_PROF$ table), there is unnecessary NUL (ASCII code 0) character added at the end. In our environment it was the case…
Lockdown profiles definition inconsistencies
While working recently on lockdown profiles in 12.2 database with January 2020 Release Update installed, together with my colleague Loïc Fave, we have discovered some inconsistencies in how the information about already defined lockdown profiles is stored and used to enforce the rules. Loïc has…
Oracle Security EUS Snippets – Setup Proxy User Privileges
Since I’m always short of time for a longer blog post, I’ll just try a short one. Intended as a mini-series, I will show different configuration examples for Oracle Enterprise User Security. Today I’ll start with the configuration of EUS based proxy privileges. The environment…
Social Media @trivadis