Blue Core Research's "NO BULL" buyers guide to Database Auditing products - Part 13: Application user IdentificationSubmitted by tduong on Mon, 2010-11-08 22:23
There is a common misconception about the value of application user identification. The reason for the misconception is the marketing of this feature by some companies, but we'll get into all that later. First lets examine the idea.
Most applications have a single database user that they use to access the data. To enforce security, these applications maintain an internal list of users and roles that they enforce. In other words – instead of using the database security features, that functionality is performed by the application. The result is that when you look at the database activity you see everything coming from a single user. An obvious requirement is to map the database activity to the application user as it is seen by the application.
Blue Core Research's "NO BULL" buyers guide to Database Auditing products - Part 14: Oracle and MS SQL ServerSubmitted by tduong on Fri, 2010-10-29 00:59
Most companies have more than one database vendor. Oracle, SQL Server, DB2, MySQL and Sybase are all common depending on the company, and some use less common databases such as TeraData. There are, however, some important questions to ask before you dive into your cross platform heterogeneous requirements:
* Which databases do you actually need to audit? Is all your SOX, PCI, HIPAA or other sensitive data scattered across all these databases, or is your SQL Server just used for small home-grown apps that do not have any auditing requirements?
* Do you have the same DBA or team managing all these databases, or are they different teams that will end up managing auditing solutions independently? In the later case you are better off choosing the best solution for each database rather than mandating a single solution no one is too happy with.
Part of my job is teaching for Oracle University, and I'm often asked about OCP exam technique. Here are a few hints. The OCM exam is very different, and the confidentiality rules forbid me from discussing it, so please don't ask.
This note is an attempt to summarize some of the 11gR2 facilities that allow for greater virtualization of resources, reducing reliance on networking facilities supplied by the operating system. All corrections welcome.
One common problem: You are allocated to a new project and find that nothing is documented.
By running this script, you get four important points of information: Tablespace status, installed products and its versions, oracle parameters different to default and status of tables:
SET LINESIZE 1000
SET PAGESIZE 1000
prompt You can leave this script copied at $ORACLE_HOME\rdbms\admin\
prompt - Remember to use also statspack o bstats depending on the Oracle version
prompt - Review alert.log
prompt TABLESPACE STATUS
Select t.tablespace_name "Table
Installing Oracle 11g 64 bit on Windows Server 2008
When installing Oracle 220.127.116.11 on Windows Server 2008 64 bit, the installer gave a an error saying the Operating System ( OS ) was not supporting. In looking at the install log on c:\program files\oracle, I noticed the installer thinks the OS is windows vista.
To work around this error, I selected the check box for user verified and continued with the install.
Use the SQL Tuning Advisor for tuning SQL statements. Typically, you can run this advisor in response to an ADDM performance finding that recommends its use.
Additionally, you can run the SQL Tuning Advisor on the most resource-intensive SQL statements, referred to as top SQL, from the cursor cache or the AWR, as well as on a user-defined SQL workload.
To run the SQL Tuning Advisor do the following:
Here I present a simple query to use when we want to move the tables and indexes of several users at once.
To make it one by one:
ALTER TABLE xxxxxx MOVE TABLESPACE TEST; ALTER INDEX xxxxxx REBUILD TABLESPACE TEST;
To move data from multiple owners.
It is an English word that sounds very funny in Spanish, almost unreal.
Well, just wanted to brand the blog with a first entry to introduce myself.
I work as an Oracle and SQL Server DBA (mixed profile, they call it -
concerns twice for the same pay, on me).
Here I will write "how to" articles as they emerge in my day to day.
If you can read Spanish, check out the blog I maintain for a little more time http://blog.davidlozanolucas.com/.
Here is a script to start/stop Oracle databases running in Unix:
During a quite evening of my last on-call bout I was alerted from our monitors that the UNDO tablespace was running out of free space. Thought of adding of a new data file and be done with it; When I checked the current allocation for this tablespace it was already at 40G - couldn't believe what I was seeing. The undo_retention was set to 7200 and max query length in v$undostat was not that high. One column that did caught my eye was the tuned_undoretention, its value was way very high.