Category Archives: Trusted Path
#Oracle Database Application #Security book is finally out. #infosec #encryption #audit #SecureCoding #PrivilegeAnalysis #OID #OAM #OIM
https://www.amazon.com/Oracle-Database-Application-Security-Directory/dp/1484253663/ref=sr_1_1?keywords=oracle+database+lockard&qid=1573050833&sr=8-1 It’s been a year-long process; now the book has finally been released. There are a few things I would have written differently and a few other subjects I would have liked to cover. Perhaps that will come in … Continue reading
Emerging Technology Security Day 2019
Between ongoing data breaches and emerging technologies constantly coming out, you need to ask the question: “Is my information secure?” On October 11th we will be hosting a security day with Oracle Corporation in Reston, Virginia. When: October 11, 2019 … Continue reading
Putting #CodeBasedAccessControl to work. #CBAC #Database #infosec #Oracle #TrustedPath
Grab a cup of coffee or a cup of tea. This is not a short post; there is a lot to explain, and many points are repeated. You need to understand all the ins and outs of CBAC. However, once … Continue reading
Code Based Access Control, #securecoding #oracle #plsql #MultipleSchemas
You can download the full code from gethub.com: CBAC Simple. This example depends on the HR Demo schema being loaded. We will be building on this example over the next several months to present a full-blown application that includes … Continue reading
@Oracle 12.2.0.1 Cool new features to improve security. Part 1 Enhanced Whitelists PL/SQL
In Oracle 12.1 the ACCESSIBLE BY clause was introduced to the PL/SQL language. This gives the developer the ability to mark a package, procedure, function, or type with what is allowed to call it. 12.2 gives us fine-grained control over … Continue reading
PL/SQL Security Coding Practices. Introduction to a better architecture part 2
For this post, we are going to focus on definer's rights and invoker's rights. Most developers already know about these privilege modifiers, but sadly I rarely see them being used at customer sites. Key to understanding how to secure your … Continue reading
PL/SQL Security Coding Practices. Introduction to a better architecture part 1.
I have been seeing this database architecture for over thirty years and it’s high time we stopped using it. Before I go too far, let me tell you I get it, you have pressure to get the application out the … Continue reading
#ORACLE PL/SQL Secure Coding Practices #INFOSEC – Please tell me how your database system is designed @bgoug will get this presentation first
The more you tell me, the more ways I can find to attack your system. All I need is one little SQL injection bug, and trust me, it is most likely there; you just don’t know it … Continue reading
Turn off the #http #listener in #Oracle #STIG
When locking down a database (applying STIGs), you need to check whether the listener is running http. If you don’t need the http service, turn it off. Turning off http will reduce the attack surface. Step 1) Is http … Continue reading
Four things a developer can do now to improve their applications #infosec posture.
Let’s face it, we have deadlines to meet and millions of lines of code in production. I get it, I’ve been a working PL/SQL developer off and on for over 20 years. If we get into the habit of using … Continue reading
Four things a DBA can do now to improve their #infosec posture?
August 13, 2018: NOTE: UPDATE TO POST. THIS IS SPECIFIC TO Oracle 12.1 and below. In Oracle 12.2 and above, you can change an unencrypted tablespace to an encrypted tablespace. 1) When we start talking about securing information, the first thing that … Continue reading