Learning is not a spectator sport
Connor McDonald on SQL and the Oracle Database
Tag: security
My APEX was fine and then it wasn’t
I got a nasty shock this morning when I fired up my local Application Expression installation. It had been working fine and all of a sudden…just dead. I sounded like all of those family members that as I.T practitioners we have to deal with…
Your New Years Resolution
Aligning roughly with the calendar year, based on the Chinese zodiak we’re about to go from the year of the dog to the year of the pig. But for me, in the “Information Technology Zodiak” , 2018 was the year of the hack, just…
The strange place for INHERIT PRIVILEGES
A while back in an Office Hours session, I touched on a relatively new privilege in the database called INHERIT PRIVILEGES which is designed to avoid erroneous privilege escalation via AUTHID CURRENT_USER routines. You can watch the full video below But in a nutshell,…
Choosing a password scheme for the database
In the Security Guide there is a section to assist you with the decisions about what rules you might want to have in place when users choose passwords, namely attributes like the minimum length of a password, the types of characters it must (and…
Quick tip–database link passwords
If you are relying on database links in your application, think carefully about how you want to manage the accounts that you connect with, in particular, when it comes to password expiry. With a standard connect request to the database, if your password is…
Better to be safe than sorry…
I’ve always been worried about taking a script that is fine to run in my non-production environments (in particular a DROP script) and accidentally running it in a Production environment, shortly followed by the typing up of a fresh resume to look for a…
Connection shortcuts with a wallet
I’m lazy when I connect to the database, especially on my laptop. Anything that saves a few keystrokes I’m keen on So rather than type “sqlplus username/password@database” I like to take advantage of a wallet In my private sqlnet.ora, or the global one if…
Upgraded and can’t see the tables you could before ?
If you take a look at the “alter user” command in the old 9i documentation, you’ll see this: DEFAULT ROLE Clause Specify the roles granted by default to the user at logon. This clause can contain only roles that have been granted directly to…
12.1.0.2 security grrr…
One of my favourite security “tricks” used to be the following: SQL> [create|alter] user MY_USER identified by values ‘impossible’; Looks odd, but by setting the encrypted value of someone’s password to something that it is impossible to encrypt to, means you’ll never be able…
Upgrade to 12c … credentials
We did a “real” upgrade to 12c this weekend, where “real” means a production system, as opposed to my laptop, a play VM etc etc 🙂 It all went relatively smoothly except for one interesting thing, that I can’t 100% say was caused by…
SQL injection
Another big public username and password leak… http://o.canada.com/technology/bell-canada-security-breach-391451/ Some good reading on how it was done, and thus ensuring your code isn’t prone to SQL injection here: http://www.troyhunt.com/2014/02/heres-how-bell-was-hacked-sql-injection.html
Man…I really really like this :-)
Yeah yeah, you can argue with me about backward compatibility, but I’m so glad someone snuck this into 12c… 11.2 SQL> grant resource, connect to demo identified by demo; Grant succeeded. SQL> select privilege 2 from dba_sys_privs 3 where grantee = ‘DEMO’; PRIVILEGE —————————————-…
