Oracle Database Listener Security Guide
Integrigy has just published an updated version of the white paper on the Oracle database listener security.
From the introduction:
The Oracle Database Listener is the database server software component that manages the network traffic between the Oracle Database and the client. The Oracle Database Listener listens on a specific network port (default 1521) and forwards network connections to the Database. The Listener is comprised of two binaries: (1) tnslsnr which is the Listener itself and (2) the Listener Control Utility (lsnrctl) which is used to administer the Listener on the server or remotely.
Through our security assessments, Integrigy has consistently identified poor Oracle Database Listener security as a significant security risk. The majority of Oracle Database Listeners are not properly secured as recommended by Oracle and security experts. Fortunately in Oracle 10g, the default Listener configuration is much more secure.
The information contained in this paper is not new, is not obscure. It may not be well known to many Oracle DBAs, but is well known to security experts and hackers. This paper will outline the vulnerabilities in the Oracle Database Listener and provide recommendations for properly securing it. Providing minimal security for the Oracle Database Listener is simple and should be done for all Oracle installations – development, test and production.
Here is a link to the full document.
2 Comments | Filed in Oracle, Security | Tags: guide, Security3 Useful SQL*Plus Tips
I stumbled on the following SQL*Plus tips at a new Oracle blog called Tahiti Views:
@ (“at” sign) vs. @@ (double “at” sign): With @@, all the import commands are processed relative to the directory where the original file sits, not the directory where you run SQL*Plus.
Splitting Up Package Code: You can split a big PL/SQL package script file into many smaller ones using the @ (“at” sign) SQL*Plus command. For example:
create or replace package foo
as
@foo_declarations;
@foo_procedures;
@foo_functions;
end;
Turn a File into a String Literal: Also using the @ command, you can turn the entire content of a file into a string literal. For example:
select
'
@foo.htm;
'
from dual;
You can also use the alternative quoting mechanism in case the file contains single quotes. For example:
select
q'{
@bar;
}'
from dual;
neat!
5 Comments | Filed in Oracle, Tips | Tags: sqlplusOracle Best and Worst Practices Wiki
The Oracle best and worst practices wiki is a community wiki, which means that anyone can make additions or edit any page on the site. I have already added a few pages to start it off. Feel free to contribute. But, like in any other wiki, your content may be mercilessly edited or even deleted.
10 Things About Computer Programming You May Not Agree With
Are you a computer programmer? Here is what Half Sigma thinks about your profession:
- Computer programming is a low prestige profession.
- As you get older, your desire to completely relearn everything decreases, so you are likely to succumb to the temptation of staying with the familiar technology for too long.
- Whatever your position is, as a Computer Science person, you are socially classified as a geek.
- The computer programming industry within the United States is an industry with a shrinking number of jobs (because of outsourcing).
- Computer programming and IT in general is now seen as the foreigner’s industry and not a proper profession for upwardly mobile white Americans.
- Computer programmers face the need to move up to management or likely wind up as underemployed fifty-year-olds, only suitable for lower paying IT jobs.
- This trend, in which people without computer programming experience manage computer programming projects, is a result of the low prestige of computer programming.
- If you look forward to one day having your own private office, then computer programming sure isn’t the way to go.
- Computer programmers are cubicle employees, not considered important enough to be given nice workspaces.
- If you can’t get into a Top 14 law school or a top graduate business school, then public accounting probably provides a better career path than computer programming.
So, if you are a computer programmer, maybe you should change your career and become a database administrator. After all, database administration is one of the fastest-growing jobs in the United States.
I believe that no matter what your profession is, keeping up to date with the “what’s new” in your industry/technology is very essential to career development.
39 Comments | Filed in Interesting Stuff, Technology | Tags: programmingThe Case of Better Readable Code
When you code, you write your programs either in all lower case, all upper case, or a combination of the two. Let’s take PL/SQL for example, almost all PL/SQL programming best practices and coding styles that I’ve come across recommend using upper and lower. The following is an excerpt from the book Oracle PL/SQL Best Practices By Steven Feuerstein: Continue reading…
Rules of Thumb Wiki
I stumbled upon the Business Rules of Thumb Wiki via Seth Godin blog. For example:
- In a negotiation, he who cares less, wins. – Anonymous
- Simple and inexpensive beats complicated and expensive. – Rod Elder
- The best way to find good ideas is to let people tell you what the good ideas are. – Niel Robertson
- In public speaking, start by telling them what you’re going to tell them. Then tell them. Finally, tell them what you’ve already told them. – Lee Iacocca
Now, how about an “Oracle Rules of Thumb Wiki”? We’ll start with what the Oracle bloggers and the Oracle related websites have said about this topic.
3 Comments | Filed in Interesting Stuff, Oracle | Tags: rule-of-thumb, wikiUbuntu on Microsoft Virtual PC Works Like a Charm
I have installed and been using Windows Vista Ultimate on my laptop for a few weeks. I have had no major problems with Vista. In fact, I like it.
However, this post is not about Windows Vista. I just want to share with you my success in running Ubuntu as a guest OS on Vista. No, I did not use VMware. I used (the free) Microsoft Virtual PC 2007. I also successfully installed Oracle Database 10g Express Edition on Ubuntu.
The following pages were very helpful:
- How To Configure Ubuntu For Microsoft Virtual PC 2004
- Ubuntu 6.10 install on Virtual PC
- Installing Ubuntu on VirtualPC Step by Step
- Installing Oracle Database XE on Debian, Ubuntu, and Kubuntu
The Oracle Community on Twitter
It’s here. If you want to participate in the growth (or even death) of the Oracle community on Twitter, head over to twitter.com/oracle and add Oracle as your friend. You have to “Join for Free” first, before you can add friends.
Once you add Oracle as a friend, Oracle will add you back as a friend. The result is this page where you can see all Oracle friends twittering with each other.
According to Kathy Sierra:
Twitter, is the solution to the one problem we all have: it’s just too damn hard to keep updating our blog every few minutes to tell the world what we’re doing at that very moment. Twitter lets you make tons of nano-posts (postlets?) to a kind of nano-blog (bloglet?) And indeed, it’s every bit as stimulating as it sounds…. I can think of dozens of reasons why Twitter is a wonderful thing (like for separated families, etc.) But talk about an event horizon… Twitter is the new Crackberry.
In case you are still wondering what this Twitter thing is, it is a global community of friends and strangers answering one simple question: What are you doing? Answer on your phone, IM, or on the web! Of course, you can post whatever you want, not just what you are doing.
Sean has already planted the seed of a ColdFusion Twitter channel.
By the way, my Twitter handle is eddieawad.
Comments Off | Filed in Oracle | Tags: twitter
