Pete Finnigan

Subscribe to Pete Finnigan feed Pete Finnigan
PeteFinnigan.com's weblog is the only weblog dedicated to Oracle security.
Updated: 10 hours 9 min ago

ORA-46373 - Correct Error number or Not?

Mon, 2025-01-06 11:29
I talked last week about an issue where I wanted to pre-create a unified audit policy with no rules so that I could create a number of policies for a customer in advance and then we could add the actions/rules....[Read More]

Posted by Pete On 06/01/25 At 12:22 PM

Categories: Security Blogs

ORA-46373 - Unified Audit Policies

Thu, 2025-01-02 17:15
I have a requirement to pre-create unified audit policies and then add the ACTIONS, PRIVILEGES, ROLES etc after they have been created based on some stored audit rules for a customer. We tried to create a policy with no actions....[Read More]

Posted by Pete On 02/01/25 At 02:51 PM

Categories: Security Blogs

What Should you do if your Oracle Database is Hacked?

Thu, 2024-12-19 10:24
This is the second talk that I did at the recent UKOUG conference at the East Side rooms in Birmingham. This talk discusses how you should respond if you think that your database has been breached or if you unfortunately....[Read More]

Posted by Pete On 19/12/24 At 02:26 PM

Categories: Security Blogs

Top 10 Things to Consider in Securing an Oracle Database

Wed, 2024-12-18 16:21
I presented recently at the UKOUG tech conference 2024 in Birmingham, UK at the Eastside rooms. This was a good conference and I had two talks there. This blog is about the first of those and includes a link to....[Read More]

Posted by Pete On 18/12/24 At 11:34 AM

Categories: Security Blogs

Is Your Oracle Database More Secure in the Cloud?

Mon, 2024-12-16 10:13
I get asked a question often "Is your database more secure if its moved to the cloud?" and it does not matter which cloud we are talking about; could be Oracle OCI or Amazon or... This is an interesting question....[Read More]

Posted by Pete On 16/12/24 At 01:37 PM

Categories: Security Blogs

Audit ALTER USER Inconsistent Issue in Unified Audit Trail

Thu, 2024-11-28 21:06
If you use still or used standard auditing in the Oracle database then you should have come across an issue. If you have multiple teams enabling audit one team can destroy another teams audit settings. Here is a couple of....[Read More]

Posted by Pete On 28/11/24 At 09:59 AM

Categories: Security Blogs

New Live In Person Oracle Security 3 Day Training in York January 2025

Wed, 2024-11-13 14:46
The last time I taught an in-person training class around Oracle security was almost 5 years ago. I was in The Hague for a class in February 2020 and then the lockdown hit us for Covid in March 2020 and....[Read More]

Posted by Pete On 13/11/24 At 01:56 PM

Categories: Security Blogs

How Can a Data Breach of an Oracle Database be Managed and Analysed?

Wed, 2024-11-06 17:46
No one wants to be hacked or their data stolen or leaked or their database be breached but it can happen. If you become the latest victim of a data hack and your Oracle database is compromised then what do....[Read More]

Posted by Pete On 06/11/24 At 11:23 AM

Categories: Security Blogs

Oracle Security Blog is 20 Years Old

Wed, 2024-10-30 21:46
I was just made aware by a friend that my Oracle security blog was 20 years old just recently. As its a big anniversary I think its worth a blog post to celebrate. The blog started on the 20th of....[Read More]

Posted by Pete On 30/10/24 At 03:04 PM

Categories: Security Blogs

Easily Locate Security Issues in your PL/SQL Code

Tue, 2024-10-29 09:06
We have just released version 2024 and we have added around 340 new checks to the analyser for PL/SQL to located PL/SQL security issues. We can identify a number of types of security issues in your PL/SQL that includes: Use....[Read More]

Posted by Pete On 29/10/24 At 12:54 PM

Categories: Security Blogs

Compare the Database Security of Oracle Database 11g, 12c, 18c, 19c, 21c and 23c/ai

Thu, 2024-10-24 19:06
We have recently added around 750 new checks to our Oracle database scanner PFCLScan for our new version 2024 release that can be used to locate security issues in any Oracle database. We now have around 2000 security checks that....[Read More]

Posted by Pete On 24/10/24 At 12:48 PM

Categories: Security Blogs

Oracle TDE and Oracle ACE and Website

Thu, 2024-10-03 12:26
Firstly I was very pleased to announce that I have been made an Oracle ACE Pro again for the year to come. I just received the Oracle ACE tee shirt, polo shirt, jacket and of course the ACE Certificate. The....[Read More]

Posted by Pete On 03/10/24 At 10:44 AM

Categories: Security Blogs

What Should you do if your Oracle Database is Hacked or Breached?

Thu, 2024-09-19 18:46
It has been a while since my last blog post as we have been incredibly busy here with customers work, new versions of our products and from a personal point of view moving house. I just got an email from....[Read More]

Posted by Pete On 19/09/24 At 12:27 PM

Categories: Security Blogs

Would you Pay to Speak at a Conference?

Wed, 2024-08-28 18:06
I was approached by a lady on LinkedIn a few weeks ago to ask me if I would speak at a conference in another country. I said that I was interested and asked for more details and importantly do they....[Read More]

Posted by Pete On 28/08/24 At 09:24 AM

Categories: Security Blogs

Passwords in Scripts and Environment Variables

Wed, 2024-08-28 18:06
There was a post a few days ago on LinkedIn by Johannes Michler about easily passing passwords to adop via a shell script when patching E-Business Suite. This script sets the password for the E-Business Suite APPS user, SYSTEM and....[Read More]

Posted by Pete On 28/08/24 At 09:24 AM

Categories: Security Blogs

Searching Base64 Encoded text for a clear text string

Mon, 2024-08-12 19:26
I had an issue to solve where I needed to find if some base64 encoded text included a clear text string which was of course encoded in the source data. I needed to search hundreds of XML files where some....[Read More]

Posted by Pete On 12/08/24 At 07:50 AM

Categories: Security Blogs

Write An Interpreter in PL/SQL - Adding More Features

Thu, 2024-08-01 10:06
Just a short post about the PL/SQL parser and interpreter that I have been developing. As I have said in recent posts I am going to release a set of articles about the development of this interpreter in PL/SQL. I....[Read More]

Posted by Pete On 01/08/24 At 01:01 PM

Categories: Security Blogs

Can We Remove IF Statements from PL/SQL?

Fri, 2024-07-26 07:46
I like PL/SQL and I am always playing around with it or writing tools for use in security audits in PL/SQL or trying to do things that are not normal with PL/SQL such as writing an interpreter. One thing I....[Read More]

Posted by Pete On 26/07/24 At 09:22 AM

Categories: Security Blogs

Protect Your PL/SQL

Wed, 2024-07-24 19:06
Do you develop PL/SQL? Is your Oracle PL/SQL protected? My name is Pete Finnigan and in the next few minutes I will show you how you can protect you PL/SQL investment from theft. We can: Stop people stealing your ideas....[Read More]

Posted by Pete On 23/07/24 At 03:14 PM

Categories: Security Blogs

Extreme PL/SQL - An Interpreter for a Simple Language

Wed, 2024-07-17 22:26
I talked at a high level a few weeks ago about Extreme PL/SQL and gave a brief look at an interpreter I have been creating for a simple language based on BASIC. I have been keeping notes in a Word....[Read More]

Posted by Pete On 17/07/24 At 12:00 PM

Categories: Security Blogs

Pages