Tag: security

The strange place for INHERIT PRIVILEGES

A while back in an Office Hours session, I touched on a relatively new privilege in the database called INHERIT PRIVILEGES, which is designed to avoid erroneous privilege escalation via AUTHID CURRENT_USER routines. You can watch the full video below. But in a nutshell,…

Choosing a password scheme for the database

In the Security Guide there is a section to assist you with the decisions about what rules you might want to have in place when users choose passwords, namely attributes like the minimum length of a password, the types of characters it must (and…

Quick tip–database link passwords

If you are relying on database links in your application, think carefully about how you want to manage the accounts that you connect with, in particular, when it comes to password expiry. With a standard connect request to the database, if your password is…

Better to be safe than sorry…

I’ve always been worried about taking a script that is fine to run in my non-production environments (in particular a DROP script) and accidentally running it in a Production environment, shortly followed by the typing up of a fresh resume to look for a…

Connection shortcuts with a wallet

I’m lazy when I connect to the database, especially on my laptop. Anything that saves a few keystrokes I’m keen on. So rather than type “sqlplus username/password@database” I like to take advantage of a wallet. In my private sqlnet.ora, or the global one if…

Upgraded and can’t see the tables you could before?

If you take a look at the “alter user” command in the old 9i documentation, you’ll see this: DEFAULT ROLE Clause Specify the roles granted by default to the user at logon. This clause can contain only roles that have been granted directly to…

12.1.0.2 security grrr…

One of my favourite security “tricks” used to be the following: SQL> [create|alter] user MY_USER identified by values ‘impossible’; Looks odd, but setting the encrypted value of someone’s password to something that no password can encrypt to means you’ll never be able…

Upgrade to 12c … credentials

We did a “real” upgrade to 12c this weekend, where “real” means a production system, as opposed to my laptop, a play VM etc etc 🙂 It all went relatively smoothly except for one interesting thing, that I can’t 100% say was caused by…

SQL injection

Another big public username and password leak… http://o.canada.com/technology/bell-canada-security-breach-391451/ Some good reading on how it was done, and thus on ensuring your code isn’t prone to SQL injection, here: http://www.troyhunt.com/2014/02/heres-how-bell-was-hacked-sql-injection.html

Man…I really really like this :-)

Yeah yeah, you can argue with me about backward compatibility, but I’m so glad someone snuck this into 12c… 11.2 SQL> grant resource, connect to demo identified by demo; Grant succeeded. SQL> select privilege 2 from dba_sys_privs 3 where grantee = ‘DEMO’; PRIVILEGE —————————————-…