Pete Finnigan

Subscribe to Pete Finnigan feed Pete Finnigan's weblog is the only weblog dedicated to Oracle security.
Updated: 13 hours 20 min ago

Database Vault without Database Vault

Mon, 2023-09-18 19:46
I did a talk in Slovenia in 2022 that explores the questions, "What is Database Vault?" and "What can we do if we don't have Database Vault?". I have posted the slides to our website today and the talk is....[Read More]

Posted by Pete On 18/09/23 At 01:00 PM

Categories: Security Blogs

Create Onion Layers of Security

Fri, 2023-09-15 18:26
I did a talk in 2022 called CreatingOnion Layers of Security and as you can see from the previous link I have posted a pdf of my MS PPT slides to our website. I have also added the talk to....[Read More]

Posted by Pete On 15/09/23 At 02:01 PM

Categories: Security Blogs

Adaptive Audit and Adaptive Security

Mon, 2023-09-11 23:06
I did a talk at the beginning of the year virtually in Slovenia at a security conference. The slides are available and I have added the paper also to our Oracle Security White Papers page . I have spoken about....[Read More]

Posted by Pete On 11/09/23 At 11:21 AM

Categories: Security Blogs

Securing Data in Oracle Databases

Fri, 2023-09-08 21:46
I have been going through my laptop and found that I have quite a few presentations on my laptop that have not been uploaded to our website so I have decided to start to upload a few one by one....[Read More]

Posted by Pete On 08/09/23 At 01:23 PM

Categories: Security Blogs

GDPR and Oracle Database

Mon, 2023-09-04 07:46
I wrote a short blog post last week regarding GDPR and the Oracle database and discussed at a high level the main articles that could affect your security plans for an Oracle database. As I said last week GDPR Speaks....[Read More]

Posted by Pete On 04/09/23 At 12:16 PM

Categories: Security Blogs

New GDPR Book and the Oracle Database

Fri, 2023-08-25 10:06
I received a copy of Jamal Ahmeds book The Easy Peasy Guide to the GDPR last night. Of course I have not had chance to read it fully yet BUT I did have a read of the introduction and recommendations....[Read More]

Posted by Pete On 25/08/23 At 11:59 AM

Categories: Security Blogs

Oracle 23c And Removing Traditional Audit - Part 3

Mon, 2023-08-21 14:26
This has become a multi-part post about Traditional Audit in the 23c database. The first part - Oracle 23c Traditional Audit De-supported - discussed the fact that traditional audit is de-supported in 23c BUT if you migrate and the older....[Read More]

Posted by Pete On 21/08/23 At 01:00 PM

Categories: Security Blogs

Coding, Languages and Oracle

Thu, 2023-08-17 18:46
I run a company that specialises in securing data for customers in their Oracle databases but I still love to code in many languages. This can either be for customers projects or to create tools to use myself in helping....[Read More]

Posted by Pete On 17/08/23 At 01:21 PM

Categories: Security Blogs

Re-Enable Traditional Audit in 23c

Mon, 2023-08-14 17:26
I wrote a post at the end of last week that told that Oracle deprecated traditional audit in 21c and de-supported it in 23c. Oracle honour the traditional audit settings in 23c if you migrated from an older database BUT....[Read More]

Posted by Pete On 14/08/23 At 09:28 AM

Categories: Security Blogs

Oracle 23c Traditional Audit De-supported

Fri, 2023-08-11 16:06
It has been a long time coming. Traditional audit has been around since Oracle 6 and the new unified audit was added 10 years ago in Oracle 12c; at first unified audit was in a secure file and was slow....[Read More]

Posted by Pete On 11/08/23 At 02:45 PM

Categories: Security Blogs

Recovering PL/SQL Source Code

Mon, 2023-07-31 04:46
It has been possible to wrap PL/SQL for many years using Oracle tools and in the first iterations in Oracle 7 this was done with the Oracle 7 wrap.exe and this progressed through Oracle 8, 8i and finally 9iR2 also....[Read More]

Posted by Pete On 31/07/23 At 10:18 AM

Categories: Security Blogs

Review an Oracle Database for Security Issues

Thu, 2023-07-20 12:06
I recently released part one of a three part post about securing data in an Oracle database. That post was titled " Securing Insecure Oracle Databases " and can be read by following the link. As we discussed in the....[Read More]

Posted by Pete On 20/07/23 At 12:24 PM

Categories: Security Blogs

Oracle security and ERP systems and ACE

Fri, 2023-07-14 09:06
First, before we get into the subject of the blog; I just received an email from the Oracle ACE program and I have been awarded Oracle ACE for another year until end of May 2024; hopefully more years after that....[Read More]

Posted by Pete On 14/07/23 At 01:34 PM

Categories: Security Blogs

A Though Experiment - Application in the Root Container?

Tue, 2023-07-11 07:46
I had a call from a long time customer yesterday whilst I was travelling. They are no where near going to cloud yet even for some test/dev type databases. They have quite a lot of databases and around 80% fall....[Read More]

Posted by Pete On 11/07/23 At 11:33 AM

Categories: Security Blogs

Securing Insecure Oracle Databases

Fri, 2023-07-07 12:06
Protecting legacy applications and legacy Oracle databases is hard because of the application was not written in house or is third party custom written or a COTS package then the database design was not done by you and is not....[Read More]

Posted by Pete On 07/07/23 At 10:37 AM

Categories: Security Blogs

Oracle Unified Audit Target Data

Mon, 2023-07-03 16:26
I had an email from an Oracle colleague a few days ago asking me a question about Oracle Unified Audit in 19c. He wanted to be able to track when someone with the DBA role accesses objects in a particular....[Read More]

Posted by Pete On 03/07/23 At 03:17 PM

Categories: Security Blogs

Happy 29th June

Fri, 2023-06-30 15:06
Happy 29th June - One day late as I was working with a customer yesterday. This date, 29th June for me seems to be like November the 5th 1955 for Back To The Future. I was at Selby railway station....[Read More]

Posted by Pete On 30/06/23 At 10:31 AM

Categories: Security Blogs

Read Only Users in 23c

Mon, 2023-06-26 19:26
Oracle has added the ability to create read only users in 23c. This is by using a new ALTER USER or CREATE USER syntax and including the READ ONLY or READ WRITE clauses. Lets do a simple demo of this....[Read More]

Posted by Pete On 26/06/23 At 12:04 PM

Categories: Security Blogs

Proxy Connections and the SQL Firewall in Oracle 23c

Thu, 2023-06-22 23:46
I have recently posted a 3 part series exploring at a high level the new SQL Firewall released in Oracle 23c Free. The parts are: Part 1 - Introduction: Part 2 - Learning and set up phase: Part 3....[Read More]

Posted by Pete On 22/06/23 At 12:42 PM

Categories: Security Blogs

SQL Firewall Oracle 23c - Part 3

Mon, 2023-06-19 04:06
This is the third part of a series of posts discussing and testing the new SQL Firewall released in 23c Free recently. The three parts are: Part 1 - Introduction : This is this post where we introduce the SQL....[Read More]

Posted by Pete On 19/06/23 At 09:16 AM

Categories: Security Blogs