Pete Finnigan

Subscribe to Pete Finnigan feed Pete Finnigan's weblog is the only weblog dedicated to Oracle security.
Updated: 7 hours 23 min ago

Joel Kalllman Day

Wed, 2021-10-13 08:06
I saw a few tweets yesterday about Joel Kallman and liked a few and shared one (maybe two) and then I saw Tim Halls post that talked about Joel Kallman day. I decided to do a quick blog now to....[Read More]

Posted by Pete On 13/10/21 At 12:02 PM

Categories: Security Blogs

Designing Good Audit Trails for an Oracle Database

Thu, 2021-09-23 11:46
I have been asked to speak at the UKOUG Autumn Tech event. This is an online conference event and the agenda grid is live and I will speak at 15:00 to 15:45 BUT the link to the details of my....[Read More]

Posted by Pete On 23/09/21 At 09:58 AM

Categories: Security Blogs

Happy 17th Birthday to this Oracle Security Blog

Thu, 2021-09-16 14:46
It is almost 17 years since I started this blog on the 20th of September 2004. I had actually already been sort of blogging without blog software before that since 10th February 2004 with my ramblings section of my website....[Read More]

Posted by Pete On 16/09/21 At 11:24 AM

Categories: Security Blogs

Register for a Free Webinar with PFCLForensics for Breached Oracle Databases

Tue, 2021-09-14 07:46
I will be giving a free webinar hosted with our reseller/distributer in Slovenia and the Balkans region - Palsit . The free webinar is at 09:00 UK time or 10:00 CET time on the 22nd September 2021. In this webinar....[Read More]

Posted by Pete On 14/09/21 At 01:28 PM

Categories: Security Blogs

PFCLForensics is released a tool for forensic analysis of a breached database

Thu, 2021-09-09 17:46
We have had a very busy year despite the Covid pandemic. I personally managed to catch covid last January and was very unwell for weeks with coviid and then many many weeks recovering after that. Then I managed to get....[Read More]

Posted by Pete On 09/09/21 At 01:53 PM

Categories: Security Blogs

Should We Security Patch Oracle Databases?

Mon, 2021-07-12 22:46
Spoiler: Of course! Security patching of Oracle databases can be a touchy and complex subject for some companies. It is perceived to be complex; companies don’t want the downtime; business is worried that a security patch can break the applications....[Read More]

Posted by Pete On 12/07/21 At 03:33 PM

Categories: Security Blogs

Unwrapping PL/SQL Source Code and Proving the Code is Recovered

Tue, 2021-07-06 20:06
We get asked by people if we can recover customers PL/SQL quite a few times a year. This is because they no longer have access to the original clear text PL/SQL. We can of course get this code back for....[Read More]

Posted by Pete On 06/07/21 At 04:00 PM

Categories: Security Blogs

Redo Log Endian and Magic Number

Thu, 2021-06-24 14:46
It has been a while since the last blog post. I had intended to post more since earlier this year but due to ill health with covid in January and February and now heavy business load we have had little....[Read More]

Posted by Pete On 24/06/21 At 02:15 PM

Categories: Security Blogs

Oracle Security Training Presentations

Tue, 2021-03-16 14:46
Why not make good use of your stay at home time and get excellent very cost effective training in all areas of securing data in your Oracle databases. I have just made live a new set of training dates on....[Read More]

Posted by Pete On 16/03/21 At 02:51 PM

Categories: Security Blogs

Happy 18th Birthday Limited

Wed, 2021-02-17 02:06
It has been an eventful year last year and 2021 started a bit strange due to lockdown. Last Friday our company Limited came of age; it was 18 years old. Wow, it has been a long and interesting journey....[Read More]

Posted by Pete On 16/02/21 At 02:43 PM

Categories: Security Blogs

TCPS Connection With an Oracle Instant Client

Fri, 2020-11-27 09:46
All of our products ( PFCLScan , PFCLCode , PFCLObfuscate and can use an Oracle instant client to connect to the target database(s) or even a full client. It is of course simpler to use an instant client if....[Read More]

Posted by Pete On 27/11/20 At 03:56 PM

Categories: Security Blogs

PL/SQL, AST, DIANA, Attributes and IDL

Tue, 2020-04-07 01:06
I have been wanting to write a detailed post about this subject for a very long time and indeed I have had some notes and screen dumps for some of this for more than 15 years for some parts of....[Read More]

Posted by Pete On 06/04/20 At 08:57 PM

Categories: Security Blogs

PL/SQL Machine Code Trace - event 10928

Thu, 2020-04-02 11:06
I have had an interest in PL/SQL for more around 25 years. I have always liked this great language as its powerful and simple and a great tool for writing code in the database. I wrote my very first PL/SQL....[Read More]

Posted by Pete On 02/04/20 At 01:33 PM

Categories: Security Blogs

Be Careful of What You Include In SQL*Net Security Banners

Wed, 2020-04-01 16:46
A short post today to add a little to the post I made the other day. In that post Add A SQL*Net Security Banner And Audit Notice I talked about using the sqlnet.ora parameters SEC_USER_AUDIT_ACTION_BANNER and SEC_USER_UNAUTHORIZED_ACCESS_BANNER to add security....[Read More]

Posted by Pete On 01/04/20 At 11:50 AM

Categories: Security Blogs

Oracles Free TNS Firewall - VALIDNODE_CHECKING

Tue, 2020-03-31 22:26
I said in a post a couple of days ago that my overall plan to secure an Oracle database; actually my plan is to secure the data in an Oracle database not blindly just secure Oracle. We must focus on....[Read More]

Posted by Pete On 31/03/20 At 12:26 PM

Categories: Security Blogs

Add A SQL*Net Security Banner And Audit Notice

Mon, 2020-03-30 09:46
I would have to say whilst I see security banners on customers Unix boxes when I am allowed to log in as part of a security audit I canot ever remember seeing a security banner when I log into a....[Read More]

Posted by Pete On 30/03/20 At 02:02 PM

Categories: Security Blogs

ORA-28050 - Can I drop the SYSTEM User?

Sat, 2020-03-28 02:46
Two things most annoy me with the Oracle database in terms of securing it and this is the abundance of default users in most Oracle databases that I perform security audits on and also the massive amount of PUBLIC grants....[Read More]

Posted by Pete On 27/03/20 At 06:11 PM

Categories: Security Blogs

Setting Users Impossible Passwords BY VALUES and Schema Only Accounts

Thu, 2020-03-26 14:06
I plan to try and write some Oracle security based blog posts whilst working from home. These promises when I have made them in the past usually end up not coming true due to other work and things getting more....[Read More]

Posted by Pete On 26/03/20 At 02:38 PM

Categories: Security Blogs

CoronaVirus - We are Still Open

Wed, 2020-03-25 19:46
Everyone must now be affected in some way about coronavirus. We had an inkling that Boris Johnson and his government would enact a more severe lock down in the UK. So in anticipation I decided on Monday that we needed....[Read More]

Posted by Pete On 25/03/20 At 01:27 PM

Categories: Security Blogs

XS$NULL - Can we login to it and does it really have no privileges?

Tue, 2020-02-18 15:11
I have read on line about XS$NULL over the years and particularly the documentation that states that it has no privileges. The documentation states the following: An internal account that represents the absence of a user in a session. Because....[Read More]

Posted by Pete On 17/02/20 At 01:09 PM

Categories: Security Blogs