Five different security related posts to which I have contributed on dba.stackexchange.com. I did not necessarily provide the accepted answer for these, but felt that the questions posed were interesting enough to warrant a mention.
I've seen a couple of Oracle Community and AskTom posts over the last year or two about installing anti-virus software on Oracle database servers. Usually it is because someone in security told the sysadmin or the DBA that they had to install some kind of AV software because it was required. Been there; done that. I found out the hard way that doing so was a bad idea...
I was perusing (yes, "perusing") the My Oracle Support Community Database Administration posts recently when I came across this one: "How to hide oracle database account password in a create user sql script". The poster had a problem that every database administrator has had to confront at one time or another: namely, how to embed a … Continue reading How to hide Oracle passwords in a script?
One thing that going over this material again and again over the last few weeks has driven home for me, especially as our customer considers how best to implement their various choices for development frameworks, is just how much of a fairy tale the promises of middle-tier application servers turned out out to be in terms of processing business logic.
My company is going to be on the lookout for a new junior DBA in the near future, and I thought I would try something different in the interview process this time around...
Every once in a while over the years I have been asked, “Why don’t you patch the Java JDK included in an Oracle Home directory?”
What if you have a lot of potential PII data and you need to enforce some additional safeguards on it? How do I make this information actionable, and better yet how do I automate that action as much as possible?
A filter that allows incoming database connections to be approved or rejected based on the values of their sys_context parameters.