Comments for Oracle Musings

Comment on Mass Market Oracle by Chinku

Chinku — Wed, 28 Jul 2010 12:41:45 +0000

Hope now-a-days there are many hosting providers for oracle.

Comment on More interview questions by kırmızı biber hapı

kırmızı biber hapı — Thu, 06 May 2010 10:53:01 +0000

What’s the CACHE parameter on sequence creation for?

Comment on Prime by Ritesh Singh

Ritesh Singh — Tue, 11 Aug 2009 17:11:19 +0000

Please visit this article
http://www.oracledba.in/display_article.aspx?article_id=287#ReviewId

Comment on Adventures in Setting up OEM Agents by arjun

arjun — Tue, 26 May 2009 18:05:56 +0000

The list of Supported operating systems are stored in the oraparam.ini file in your install directory. if you Vi the file you see it just checks with the uname command . you can either comment that section or add oel 5 to that . or you can force the installer to bypass checking the prereqs using this command (runInstaller -ignoreSysPrereqs). But again OEL 5 should support enterprise manager . It need not be certified but atleast it should support .

Comment on Swiss Army Oracle by Martlark

Martlark — Wed, 04 Mar 2009 06:07:58 +0000

update zzzmas.person set password =
utl_raw.cast_to_varchar2(
utl_encode.base64_encode(
dbms_crypto.hash(utl_raw.cast_to_raw(upper(userid)||’bob’),2)
)
)

And everyone’s password is a base64 has of bob. Yay! You beat out Tom Kyte on this one.

Comment on More Mass Market Oracle by Gary

Gary — Fri, 05 Sep 2008 00:53:27 +0000

There is a page here, but in German so you may need a translator

http://www.strato.de/server/geschaeftskunden/oracle_xe.html

Comment on Encyclopedia Spine by Encyclopedia spine in a DWH/BI context « Klein Oracle denkraam

Encyclopedia spine in a DWH/BI context « Klein Oracle denkraam — Fri, 27 Jun 2008 12:56:07 +0000

[…] spine in a DWH/BI context 26 05 2007 One of the blogs I read by Dominic Delmolini had an interesting question that seemed an nice exercise in the use of sql and probably analytic sql. It turns out that an […]

Comment on Mass Market Oracle by Oracle Musings » More Mass Market Oracle

Oracle Musings » More Mass Market Oracle — Tue, 17 Jun 2008 13:31:23 +0000

[…] exactly one year ago, I wrote about the lack of hosted Oracle database packages. Since then I haven’t seen much movement on that front, until last week, when STRATO […]

Comment on Overcoded by Peter Teoh

Peter Teoh — Fri, 09 May 2008 07:08:02 +0000

Well….it cannot be overemphasized…

Comment on Injection Nation by Brian Kush

Brian Kush — Tue, 22 Apr 2008 13:35:35 +0000

Two initial thoughts come to mind, but neither would be foolproof.

You could monitor the system and kick out a report each day of “new” SQL that the database sees. When you first run the report it would not be of much use since every statement would be showing up as new. Over time if you are not adding new code and you use good coding standards like bind variables, the number of statements should go down and at some point would stop. With a shorter report each day you may be able to spot someone hacking away at your system by analyzing the statements that show up.

You might want to automatically scan the report for queries that go after objects that applications should not try to access like system objects or tables like dba_%.

Another way you may want to look for rogue SQL it is to put a tag into all SQL statements that a hacker might not think to replicate in his query. You might start all SQL statements with something like “SELECT /* x */ …..” A hacker might not notice that the /* x */ is your special code that if a statement does not have it causes it to get flagged. You could also use that code to identify the module that it came from.

My bet is a hacker once given a SQL prompt or SQL access is not going to worry about properly formatting his or her code.

I can’t remember if you can put a hidden character in the comment, but if you can you could put a ^g or something like that in there that you could not see on the web page.