Category Archives: infosec

I’ve been working learning Oracle Machine Learning and noticed a new feature this morning. You now have the ability to run R scripts in scratchpad.

If you use datapump to get an export of your database, then please encrypt your exports. Even if you’re using TDE, this spillage can happen. To fix this, use the encryption parameter on the command line. This will prevent data … Continue reading →

–As a user with create role privileges and the ability to grant — the required privileges to the role. ie: DBA conn rob_dba@demo create role <role>; grant <privilege> on <object owner>.<object name> to <role>; grant <role> to <package owner> with … Continue reading →

After migrating your database to OCI; if you don’t need the data anymore on your local system(s), you should do a secure delete on all your local datafiles. If you are going to need the data again, then move the … Continue reading →

Do you see the problem with the following code fragment?c##sec_admin > administer key management set keystore open identified by SecretPassword; If your network is not encrypted, your password will be sent in the clear. This is part of the huge advantage … Continue reading →

Ya’ know, it’d be really nice if someone put together some baseline security standards for the Oracle database. Well, you can find those is a couple of places. These tools checklist are free to use. Now, I’m partial to the … Continue reading →

Oracle AFDF can track the usage of sensitive data in your database, this includes, who can access, who has made changes, and access by privileged users. Improving your ability to keep an eye on what is happening with sensitive data. … Continue reading →

In the testing phase, we normally test functionality and break the application. There is something that’s missing. Now, most developers are not experts in how privileges work in Oracle, this is not a bad thing because privileges can be complex … Continue reading →

May 6, 2017 the Economist published an article that data is more valuable than oil. https://www.economist.com/leaders/2017/05/06/the-worlds-most-valuable-resource-is-no-longer-oil-but-data Every year I “try” to figure out what tools I need to sharpen, what tools I need to pick up, and what tools can … Continue reading →

I get to chat with Liron Amitzi and Jim (The Why Guy) Czuprynski about what interest me the most. Keeping your IT infrastructure safe and culture. https://beyondtechskills.com/episodes/if-you-aint-paranoid-you-aint-payin-attention-rob-lockard-on-cybersecurity-culture#T

March and April are booking up fast. Getting real busy and loving life. Utah Oracle Users Group (UTOUG) March 17 – 18 Keynote: “Curves ahead: Emerging technology threats.”, “Holistic Database Security in the cloud.”, and “PL/SQL Secure Coding in the … Continue reading →

In our series on the future of AI, here is the interview with Sandesh Rao, VP Autonomous Health and Machine Learning at Oracle  

I’ve spoken in the past about the utility of blockchain, to create a table that can not be altered. Oracle 21C is now available in OCI. The syntax to create a blockchain table is quite simple. create blockchain table test … Continue reading →

We have people giving opinions on a complex subject that for all practical purposes seem to contradict each other. I’ll give them this, they are some smart people; all of them have demonstrated vision and accomplished quite a few things … Continue reading →

Yes, this is a bit outside of my specialty; however, I receive somewhere between four to five hundred emails a day. Some are informational, some require me to make a decision, others are request. There is a US DOD standard … Continue reading →

On 20 October I’ll be speaking at the Spanish Oracle Users Group on Holistic Database Security. Registration URL to follow. On 29 October I’ll be giving the talk “Staying Current in a constantly changing IT Environment” This talk is open … Continue reading →