2017 was a crazy year, 2018 is going to be challenging

It’s been a crazy year. In 2017 I did talks in Paris France, Helsinki and Rovaniemi Finland, Sofia Bulgaria, Moscow Russia, Denver Colorado, Las Vegas Nevada, San Antonio Texas, Krakow Poland, Dushanbe Tajikistan, and Raleigh North Carolina. I got to a few of these cities (Helsinki, Moscow, and Sofia) more than once this year. And these don’t count the side trips to places like Saint Petersburg and London to see the ballet, visit friends, visit a pub, or see a football game. It’s now coming on the end of the year and thankfully I don’t have any travel planned for the rest of the year. You should see my frequent flier statement, but we all know it does not compare to Heli’s frequent flier statement.

Also in 2017, I made Oracle ACE Director. Now if you do the math, estimating there are over 500,000 Oracle Customers and if each customer has five Oracle professionals on staff, that would mean there are over 2.5 Million Oracle professionals in the world. As of this day there are 107 Oracle ACE Directors (the top tier professional advocates) in the world and I am one of them.

Robert Lockard – Oracle ACE Director

Then last month, I was asked by Oracle Magazine about doing a peer-to-peer profile. That was published this morning.

Oracle Magazine Peer-To-Peer

Now when Oracle Magazine asked me to do the Peer-To-Peer, it also included doing a short video. It’s hard to believe, but this short video took me four hours to shoot.

Oracle Magazine Peer-To-Peer Video

What is the plan for 2018? Well, it’s going to be hard to beat 2017, but I’m up to the challenge. I hope to spend a little more time in Saint Petersburg Russia to explore the city some more. This is a seriously beautiful city and I think late May would be the perfect time to explore it. Fortunately, it will be just in time for White Nights.

I’ve decided that in 2018 I will be focusing more on the smaller Oracle Users Groups. Yes, Collaborate, KSCOPE, and RMOUG are great conferences, and I am not abandoning them for good; I’ll return to them perhaps in 2019. On January 1 I’ll be heading back to Europe for a week that will include another new place for me, Tbilisi Georgia, and I also have tickets to see the Nutcracker in Moscow that week. I have two papers into the UKOUG Ireland event in March. I also plan on speaking in Utah, Ohio, Atlanta Georgia, Helsinki, Moscow, Poland, Paris, London, and of course, Bulgaria again. Maybe I’ll also get to do a talk in Saint Petersburg while I’m there.

What else will I be doing? Well, I’m working hard to bring speakers to the Baltimore Maryland area. I already have Steven Feuerstein lined up for January 18th in Baltimore; Bobby Curtis and I are talking about him coming out in March. I would also love to get SQL Maria out here to do a deep dive into the Oracle Optimizer. Yes, 2018 is going to be a busy year, and I promise I also will be flying my plane more.

The Impossible Password and default accounts. Oracle #LockDown #QuickTip #Infosec

Let’s revisit a customer who was about to go through an IG Audit. There is one finding that always seems to come up: default accounts with default passwords. I don’t care if the accounts are expired and locked, if the user still has the default password set, then it’s a finding. Now you can go through all the default accounts and change the password if you want. I’m personally fond of having a script that does the work for me.

This is the script I use to go through and change all the default passwords. Now, once I’m done with this, I go back and set any necessary default accounts such as DBSNMP to a known password. Why? I find it easier to lock all the doors then methodically move through and unlock only the doors that are necessary.

First we are going to need a function that returns an impossible password. Well, in all honesty, it’s not impossible to crack (given enough horsepower, any password can eventually be cracked). This function will do one thing: return a 30-character randomly generated password of any printable character. There are a couple of characters you can’t put in a password, so when we encounter those, we are going to replace them with an integer between 0 and 9.

Next we are going to go through all the default accounts and change the password.


    DECLARE
    -- get the list of users with default passwords.
    CURSOR users_with_defpwd_cur IS
        SELECT username
        FROM sys.dba_users_with_defpwd;
    stmt     VARCHAR2(2000);    -- the base sql statement
    passwd   VARCHAR2(32);      -- the impossible_password.

    FUNCTION impossible_password RETURN VARCHAR2 AS
    -- will create a 30 character password wrapped in double quotes.
    passwd           VARCHAR2(32);        -- this is the password we are returning.
                                          -- we need 32 characters because we are
                                          -- wrapping the password in double quotes.
    p_invalid_char_3 VARCHAR2(1) := '"';  -- invalid password character 3 is '"'
    p_invalid_char_4 VARCHAR2(1) := ';';  -- invalid password character 4 is ';'
    BEGIN
        passwd := SYS.dbms_random.STRING('p',30); -- get 30 printable characters.
        -- find all the invalid characters and replace them with a random integer
        -- between 0 and 9.
        passwd := REPLACE(passwd, p_invalid_char_3, ceil(SYS.dbms_random.VALUE(-1,9)));
        passwd := REPLACE(passwd, p_invalid_char_4, ceil(SYS.dbms_random.VALUE(-1,9)));
        -- before we pass back the password, we need to put a double quote
        -- on either side of it. This is because sometime we are going to
        -- get a strange character that will cause oracle to cough up a hairball.
        passwd := '"' || passwd || '"';
        RETURN passwd;
    END impossible_password;
    -- main procedure.
    BEGIN
        FOR users_with_defpwd_rec IN users_with_defpwd_cur LOOP
            passwd := impossible_password;
            stmt := 'alter user ' || users_with_defpwd_rec.username || ' identified by ' || passwd;
            -- run the ALTER USER statement; DDL has to go through dynamic SQL.
            EXECUTE IMMEDIATE stmt;
        END LOOP;
    END;
    /
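
A hardened variant of the same lockdown, added here as an example and not the author's script: it draws the password from `DBMS_CRYPTO.RANDOMBYTES` instead of `DBMS_RANDOM` (which Oracle documents as not intended for cryptography), quotes the username with `DBMS_ASSERT.ENQUOTE_NAME`, keeps going when one account fails, and re-checks `DBA_USERS_WITH_DEFPWD` at the end. It assumes a privileged session with EXECUTE on `DBMS_CRYPTO` and a profile whose password verify function accepts a value made of digits and upper-case A-F.

```sql
-- Added example (not the author's script): same lockdown, hardened.
-- Assumes a privileged session with EXECUTE on DBMS_CRYPTO, and a profile
-- whose password verify function accepts digits plus upper-case A-F.
SET SERVEROUTPUT ON
DECLARE
    remaining PLS_INTEGER;
    failed    PLS_INTEGER := 0;

    -- 15 bytes from the database CSPRNG, hex-encoded: 30 characters, 120 bits.
    -- Hex output never contains '"' or ';', so nothing has to be replaced.
    FUNCTION impossible_password RETURN VARCHAR2 AS
    BEGIN
        -- Quoted because the value may start with a digit.
        RETURN '"' || RAWTOHEX(SYS.dbms_crypto.randombytes(15)) || '"';
    END impossible_password;
BEGIN
    FOR rec IN (SELECT username FROM sys.dba_users_with_defpwd) LOOP
        BEGIN
            -- ENQUOTE_NAME quotes the identifier; FALSE keeps its stored case.
            EXECUTE IMMEDIATE 'alter user '
                || SYS.dbms_assert.enquote_name(rec.username, FALSE)
                || ' identified by ' || impossible_password;
        EXCEPTION
            WHEN OTHERS THEN
                -- Keep going: one rejected account must not leave the rest untouched.
                failed := failed + 1;
                dbms_output.put_line(rec.username || ': ' || SQLERRM);
        END;
    END LOOP;

    -- Re-check the view the auditor will query.
    SELECT COUNT(*) INTO remaining FROM sys.dba_users_with_defpwd;
    dbms_output.put_line('failed=' || failed || ' remaining=' || remaining);
    IF remaining > 0 THEN
        raise_application_error(-20001,
            remaining || ' account(s) still have a default password');
    END IF;
END;
/
```

Afterwards, an account that has to stay usable, such as DBSNMP, can be given its known password with the SQL*Plus `PASSWORD` command, which prompts for the value instead of leaving it in a script.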