Posted by Sven Vetter on May 1st, 2009
In the current Oracle Critical Patch Update (April 2009) all our Security Bugs are solved, as well in Oracle Database version 11.1.0.7.
Starting from now, I can recommend Database Vault.
But please read the documentation carefully. Database Vault does not help for all security requirements (e.g. encryption).
Learn more about Database Vault - and which options you need for a secure environment - in our new TechnoCircle Compliance...
Tags: 10g, 11g, Alert, CPU, Database Vault, Oracle, Security
Posted in 11g, CPU, Oracle, Security, Security Alerts, TrivadisContent, Wordpress | No Comments »
Posted by Sven Vetter on October 15th, 2008
Nächste Woche (21.+22.10.) finden die ersten Schweizer Datenbanktage statt - die TrivadisOPEN.
Ich denke, dies ist eine Veranstaltung, die jeden Datenbankprofi interessieren sollte - egal ob Oracle oder Microsoft, egal ob DBA, Entwickler oder Security-Experte.
Ein paar Highlights (für mich natürlich aus dem Oracle-Bereich
):
- Carry Millsap: "Millsap's Grand Unified Theory of 'Tuning'"
- Christian Antognini: "Query Optimizer 11g"
- Anton Topurov (CERN Genf): "CERN experience with virtualization of Oracle RAC with native XEN and Oracle VM"
- Roger Wullschleger (Oracle): "Oracle Enterprise Manager Data Masking Pack"
Auch die Keynote-Speaker sind sehr zu empfehlen - und natürlich auch der Überraschungsgast
Mehr Informationen findet ihr hier - und hier die Agenda.
Ich würde mich freuen, ein paar bekannte (und auch unbekannte) Gesichter zu sehen...
Tags: 10g, 11g, Audit Vault, Oracle, Security, Training
Posted in 11g, Oracle, Security, Training | No Comments »
Posted by Sven Vetter on October 2nd, 2008
First chapter in the Patch Set Notes:
...
Patch sets provide bug fixes only; they do not include new functionality and they do not require certification on the target system.
...
This is so not true
There is at least one new feature: a new package called DBMS_AUDIT_MGMT.
This should be mainly used with Oracle Audit Vault. But they are some interesting procedures and functions for "normal" auditing too:
- defining of file size and aging from os audit files
- automatic purging from audit records
- moving from audit tables in another tablespace (yes - official supported
)
- ...
Happy auditing...
Tags: 11g, Audit Vault, Oracle, Security
Posted in 11g, Oracle, Security, TrivadisContent | No Comments »
Posted by Sven Vetter on September 19th, 2008
The first patchset for Oracle Database 11g is available.
File size (Linux 32 bit): 1.5 GB!!! Happy download
Tags: 11g, Linux, Oracle
Posted in 11g, Oracle, TrivadisContent | 1 Comment »
Posted by Sven Vetter on June 17th, 2008
For quite some time I have been trying to persuade my colleagues to write a MySQL plug-in for Oracle Grid Control. Without success...
But now an official plug-in is available, created by Alex Gorbachev (Pythian Group). It can be downloaded from the "Oracle Enterprise Manager 10g Grid Control
Extensions Exchange" page too - and it is tested from Oracle
There are very interesting tables and charts included, for instance:

For more information: see the datasheet.
Tags: OEM, Oracle, Performance
Posted in OEM, Oracle, TrivadisContent | No Comments »
Posted by Sven Vetter on June 11th, 2008
A new Audit Vault version is ready for download (for Linux, Solaris, AIX and HP Itanium) . Maybe some bugs are fixed...
I will test it
Tags: Audit Vault, Oracle, Security
Posted in Oracle, Security | No Comments »
Posted by Sven Vetter on May 5th, 2008
During the last days we have tested the CPU very intensively.
Some information about it:
- I recommend applying it, if you use Oracle Application Express (APEX) 3.0. Because on iDefense it is described, how easy a security hole can vulnerable.
You can upgrade to APEX 3.1 too.
- This is the first CPU without need for a newer version of OPatch (if you applied the patchset before). This means applying would be easier and the software would be more stable
Tags: CPU, Oracle, Security
Posted in CPU, Oracle, Security, TrivadisContent | No Comments »
Posted by Sven Vetter on April 24th, 2008
After the x86-Linux and the 32-bit Windows version now the x84-64bit Linux version is ready for download.
For more information see here.
Tags: 10g, Database Vault, Linux, Oracle, Security
Posted in Oracle, Security, TrivadisContent | No Comments »
Posted by Sven Vetter on April 10th, 2008
Here is the first information about the next CPU.
Database:
- This CPU contains 17 new security fixes (including 2 for Oracle Application Express)
- The highest CVSS base score of vulnerabilities is 6.6.
This is regarded as a high risk.
- Some very critical components are affected:
- Audit
- Authentication
- Core RDBMS
- Data Pump
- Export
- Oracle Net Services
- Query Optimizer
- ...
- This CPU includes fixes for Oracle Database 11g too.
Oracle Application Server:
- This CPU contains 3 new security fixes
- All of these vulnerabilities may be remotely exploited without authentication!
- The highest CVSS base score of vulnerabilities is 9.3 for clients and 6.6 for servers.
This is regarded as a very high risk.
Oracle Enterprise Manager:
- This CPU contains 1 new security fix (in the Oracle Agent)
- The CVSS base score of vulnerability is 6.6.
This is regarded as a high risk.
Tags: CPU, Oracle, Security
Posted in CPU, Oracle, Security, TrivadisContent | No Comments »
Posted by Sven Vetter on April 8th, 2008
Until now I have written every article in German. This should change now.
Why?
At the moment I’m on Malta in the EC English School. 4 weeks – 6 hours English per day.
One of my goals is to learn writing understandable English. Therefore I will translate my Blog and my teacher will check this every day.
Posted in Allgemein | 2 Comments »