latest patchset

Huge downtime on today. After landing on an Error-500 page, I discovered a quick and neat overview of oracle patchsets, accessible without metalink account :

Still waiting for Solaris by the way, announced for 2006Q3, whatever this mean


I recently posted about Oracle Password Repository (OPR).

I did get a comment from Andreas Piesk about something similar in Oracle, the wallet.

Let’s do a quick test.

First, I create a .sqlnet.ora in my home directory (I do not want to mess up the system-wide sqlnet.ora).

$ cat /home/lsc/.sqlnet.ora

I now create the wallet

$ mkstore -create -wrl /home/lsc
Enter password:
Enter password again:

and the credentials

$ mkstore -wrl /home/lsc -createCredential LSC01 scott tiger
Enter password:
Create credential

now I try to login

$ sqlplus /@LSC01

SQL*Plus: Release - Production on Thu Aug 10 11:23:35 2006

Copyright (c) 1982, 2005, Oracle.  All Rights Reserved.

Connected to:
Oracle Database 10g Enterprise Edition Release - Production
With the Partitioning, OLAP and Data Mining options

SQL> sho user

This sounds to work very nicely. Let’s see if this is more secure than OPR :

$ mkstore -wrl /home/lsc -list
Enter password:

Oracle Secret Store entries:
$ mkstore -wrl /home/lsc -viewEntry
Enter password: = LSC01
$ mkstore -wrl /home/lsc -viewEntry
Enter password: = scott
$ mkstore -wrl /home/lsc -viewEntry
Enter password: = tiger

Definitely! The password is not reveal, unless you know the password of the wallet. Remember in OPR, the application had direct access to the password. Here it is not the case, if you do not know the password of the wallet, you may login, but you cannot find out what the password is. I like this very much.

of course do not forget to protect your wallet

Ok, what I did not achieve until yet is logging in externally when using wallet_override :

$ mv /home/lsc/.sqlnet.ora /home/lsc/.sqlnet.ora.disable
$ sqlplus /

SQL*Plus: Release - Production on Thu Aug 10 11:35:56 2006

Copyright (c) 1982, 2005, Oracle.  All Rights Reserved.

Connected to:
Oracle Database 10g Enterprise Edition Release - Production
With the Partitioning, OLAP and Data Mining options

SQL> sho user
$ mv /home/lsc/.sqlnet.ora.disable /home/lsc/.sqlnet.ora
$ sqlplus /

SQL*Plus: Release - Production on Thu Aug 10 11:37:13 2006

Copyright (c) 1982, 2005, Oracle.  All Rights Reserved.

ORA-01017: invalid username/password; logon denied

I will update this if I find out how to login externally too.

select last rows

I just read about a query to retrieve last modification row of a date

SQL> SELECT ora_rowscn FROM tab_test;

6 rows selected.

SQL> UPDATE tab_test SET valeur=valeur*1.1 WHERE col_id=1;

3 rows updated.

SQL> commit;

Commit complete

SQL>  SELECT ora_rowscn FROM tab_test:



6 rows selected.

conclusion of the author : very neat to retrieve last modification date.

Well, I am worried. I have answered so many times on the technical forums here for example, that the only way to retrieve the last rows is to use a date column, and to manually update it (or with a trigger or a default value for insert) with the last modification date.

What should I do?
test it!

14:52:07 SQL> create table t as 
select rownum x from all_objects;

Table created.

14:56:23 SQL> select scn_to_timestamp(ora_rowscn) timestamp, count(*) from t group by scn_to_timestamp(ora_rowscn);

TIMESTAMP                COUNT(*)
---------------------- ----------
04.08.2006 14:56:23.00       4238

let’s update one row

14:54:12 SQL> update t set x=-1 where rownum=1;

1 row updated.

14:55:04 SQL> commit;

Commit complete.

14:58:03 SQL> select scn_to_timestamp(ora_rowscn) timestamp, count(*) from t group by scn_to_timestamp(ora_rowscn) order by scn_to_timestamp(ora_rowscn);

TIMESTAMP                COUNT(*)
---------------------- ----------
04.08.2006 14:56:23.00       3580
04.08.2006 14:57:14.00        658

what? I updated one row, why did it updated so many rows? Let’s look at the block

14:58:16 SQL>  select dbms_rowid.rowid_block_number(rowid) block_number,scn_to_timestamp(ora_rowscn) timestamp,count(*) from t group by dbms_rowid.rowid_block_number(rowid),scn_to_timestamp(ora_rowscn) order by scn_to_timestamp(ora_rowscn);

------------ ---------------------- ----------
         651 04.08.2006 14:56:23.00        658
         652 04.08.2006 14:56:23.00        658
         653 04.08.2006 14:56:23.00        658
         654 04.08.2006 14:56:23.00        658
         655 04.08.2006 14:56:23.00        658
         656 04.08.2006 14:56:23.00        290
         650 04.08.2006 14:57:14.00        658 <=====================

ok, what has the doc to say about this :

For each row, ORA_ROWSCN returns the conservative upper bound system change number (SCN) of the most recent change to the row. This pseudocolumn is useful for determining approximately when a row was last updated. It is not absolutely precise, because Oracle tracks SCNs by transaction committed for the block in which the row resides. You can obtain a more fine-grained approximation of the SCN by creating your tables with row-level dependency tracking

Well, let’s try again with row dependencies.

15:04:53 SQL> drop table t;

Table dropped.

15:04:55 SQL> create table t rowdependencies as select rownum x from all_objects;

Table created.

15:05:28 SQL> select scn_to_timestamp(ora_rowscn) timestamp, count(*) from t group by scn_to_timestamp(ora_rowscn) order by scn_to_timestamp(ora_rowscn);

TIMESTAMP                COUNT(*)
---------------------- ----------
04.08.2006 15:05:26.00       4241

15:05:42 SQL> update t set x=-1 where rownum=1; 
1 row updated.

15:05:58 SQL> commit;

Commit complete.

15:06:09 SQL> select scn_to_timestamp(ora_rowscn) timestamp, count(*) from t group by scn_to_timestamp(ora_rowscn) order by scn_to_timestamp(ora_rowscn);

TIMESTAMP                COUNT(*)
---------------------- ----------
04.08.2006 15:05:26.00       4240
04.08.2006 15:06:08.00          1

sounds better! probably not 100% reliable but way better, it seems almost usable …

Oracle OpenWorld 2006

I just registered to Oracle OpenWorld in October in San Francisco… Well, I know it is a long long long way to the west, but I will survive again, but this time I will avoid Delta Airlines, they refused to serve me a glass of wine last year in the plane! I am going to take maybe Lufthansa.

As an ACE, I got the Oracle Develop for free this year too. I also took the gold pass, well, waiting hours for keynotes is just too much boring. Since it is the only thing I pay myself (ok wine in the plane too), I guess this 150$ investment is ok.

If available, I will try the Oracle Application Server OCP Beta exam 1Z1-312 in SF. Also, I will ask them why this OCM 10g upgrade is still not available.

OTN forums new release

I read frequently. I have read and answered thousands of questions there.

Those days, they launched a new release, I do not know what the improvements are, but it is fairly unstable. Well, it has been worst in the past, but I keep getting We’re sorry, the server encountered an unexpected condition and timetouts occasionaly.

Another nightmare for users was the blank-trimming effect, it was hardly possible to format the post, all multiple spaces were trimmed to one space, even by using [code] or [pre]. It is now fixed!

There has been also two new icons, Usefull answer and Correct answer, but it has been removed already. It makes me remembers the smilies they introduced in a previous release, where :p bind variable was translated to a smile…

Problem with the downtime is that the experts go away. I post and read hundreds of messages on metalink, especially in sqlplus and plsql forums. The problem on metalink, lot’s of users expect to have an immediate and advanced answer from Oracle, because they pay for support, and they do not invest time to write the question properly nor to say please or thank you.

I recently start writing on the linux and oracle forums of, where they put a high value on proper formatting, code of conduct, correct spelling (in french).


Originally uploaded by laurentschneider.

I installed OAS 10.1.3 on my notebook. Why? well, just to test if it is installable… and to justify my need of 2Gb of memory to my boss 😉

Ok, SLES10 is not certified yet, Not even planned yet on metalink. But it will definitely be certified one day.

The first step is to install the necessary packages

1) db1 : Berkeley DB Database Library Version 1.85
this package is needed, in order to avoid :

httpd: error while loading shared libraries: 
cannot open shared object file: No such file or directory

2) openmotif21-libs, sysstat
as listed in the quick installation guide for SLES9

3) libgnome and libgnome-devel
replace the old gnome-libs and gnome-libs-devel

4) pdksh
ksh-93r seems to be suffisant

5) glibc 2.3 and gcc 3.3
no problem until yet by using glibc 2.4 and gcc 4.1

The second and last step is to launch the installer, with -ignoreSysPrereqs or with an updated install/oraparam.ini

That’s all. I did get some warning about memory and requirements, but it seems that it works.

Oracle Password Repository

I checked this tool today :

This tool provide a simple way of not hardcoding passwords in shell scripts. Hardcoding passwords in shell scripts is a bad practice. The source code may be shared by many developers, may resides on unsecure servers (CVS), may be printed, etc… The passwords may change often too.

This tool uses a simple file to stores the passwords encrypted. Well, I urge you to secure this file to make it non-accessible for others.

I am not going to decode nor rate the encryption algorythm, the fact is, you do not have clear text passwords. It could be also possible to have clear text password in a separate text file, which would not be that less secure, but it is ugly.

To make it clear (I hope), it is a 2-ways encryption, so if you have access to the file and the source code of the algorythm, you can crack the password. Sounds weak? Well, Oracle Proxy Users with Internet Directory, Application Server, Portal and all those products are not much different. The only 100% passwordless solution I am aware of is the external OS identification.

Well, that said, let’s look how it works.

# ./configure
# make
# make install

let’s create the repository

$ export OPRREPOS=$ORACLE_HOME/dbs/oprrepos
$ opr -c

store the password for scott on LSC01

$ opr -a LSC01 SCOTT lsc
please enter the password :
please re-enter the password :
entry (LSC01, scott, lsc) added.

let’s test

$ sqlplus scott/$(opr -r LSC01 SCOTT)@LSC01

SQL*Plus: Release - Production on Tue Jul 25 13:51:48 2006

Copyright (c) 1982, 2005, Oracle.  All Rights Reserved.

Connected to:
Oracle Database 10g Enterprise Edition Release - Production
With the Partitioning, OLAP and Data Mining options

This is quite convenient. I will use this to store the RMAN password to connect to the RMAN repository in my backup scripts

Installation Oracle on Suse Linux Enterprise 10

How neat is Suse!

I downloaded the DVD SLES10 on At the installation time, appart from Gnome, Development, X Window, there are a few new categories. One of them is called Oracle Database, and guess what, it installs all what I needed for Oracle. It creates an oracle account, with oinstall as primary group and dba as secondary group, it sets usefull things like ORACLE_HOME.

Ok, let’s unlock the account

chltlxlsc1:~ # usermod -s /bin/bash oracle
chltlxlsc1:~ # passwd oracle
Changing password for oracle.
New Password:
Reenter New Password:
Password changed.

Ok, let’s install. SLES10 is not recognized as a certified OS yet. The DISPLAY thing has to be manually set too.

oracle@chltlxlsc1:~&gt; ./runInstaller  -ignoreSysPrereqs
Starting Oracle Universal Installer...

Checking installer requirements...

Checking operating system version: must be redhat-3, SuSE-9, 
redhat-4, UnitedLinux-1.0, asianux-1 or asianux-2
                                      Failed &lt;&lt;&lt;&lt;

&gt;&gt;&gt; Ignoring required pre-requisite failures. Continuing...

this is one of the friendliest installation I have ever made…

indian readers

I am aware indian and pakistan ISP did block access to blogspot blogs. There are some workaround available on google, for example to access my site from Pakistan, you may be able to use pkblogs

I am quite sad about this, I used to have a lot of access from India in the past (according to, and this is quite a limiting move for the indian Internet community.

Update: only relevant to my old blogger blog

oracle partner workshop : database 10g

Last month I had an application server seminar I blogged in SOA . Yesterday it was database 10g day.

First we had exactly the same talk about EMEA marketing, vision, partner and blabla for one hour. I did not expect to hear this comparison between Oracle Database and the C: prompt (origin) and fusion and mswin (ultimative achievement)… I almost told him than the C: prompt was not the first think to appear in MSDOS, but the A: prompt, well, if I will say it next time 😉

We heared about partitioning, parallel query, real application cluster, flashback database, undo management, in about 250 powerpoint slides and not a single line of sql in the whole presentation. Well, not willing to blame the teacher, I just felt losing my time listening to this superficial presentation of oracle database.

About the things I found interesting :
– Using the listener as http server. Especially interesting is to use lsnrctl star to start the listener (just joking).

  (HOST=chltlxlsc1) (PORT=8080)) (presentation=http)

$ lsnrctl star http
LSNRCTL for Linux: Version - Production 

Copyright (c) 1991, 2005, Oracle.  All rights reserved.

Starting .../bin/tnslsnr: please wait...

TNSLSNR for Linux: Version - Production
System parameter file is .../network/admin/listener.ora
Log messages written to .../network/log/http.log
( (PORT=8080))  
(presentation=http) (session=raw))

than I should be able with the package DBMS_EPG to administer the website

– An Excel plugin : well, if your marketing department is hooked on excel, there is a plugin which enable you some connectivity within your spreadsheet. You can download it on otn for free on BI Spreadsheet Addin. I did not try it yet, but it did look sexy.

– As last month, the pause has been enjoyable. Fine starters, great cat fish, delicious dessert


EXP / IMP has a quite a lot of bugs and limitations.

Today I had a trouble with a function based index first, generating ORA-942 table does not exist on import. I also had an error with AQ.

I have a few invalid objects too :

before exp, on source system (tru64/

SQL&gt; select count(*) from dba_objects where status='INVALID';

after imp, on target system (rh4/

SQL&gt; select count(*) from dba_objects where status='INVALID';

let’s recompile

SQL&gt; @?/rdbms/admin/utlrp

SQL&gt; select count(*) from dba_objects where status='INVALID';

… better, but still too much !

I probably did hit bug 3169196 too. The workaround is delicious :

<b>manually clean the data dictionary</b>

Well, I am going to drop the destination database and try again…

Oracle 7 Apero

Today we definitely shutdown our last productive Oracle7 database. Quite good news actually, I can now use set newp none, sqlplus “/ as sysdba” in all my scripts, svrmgrl is no longer needed (well, sometimes in 8i to do abort, but this is rare), and we garbage a hudge bin of reference manuals and cds!

And it is a good atmosphere, we talk about the good old time and this long life with no support and no change.

We have about 20% Oracle8i, 70% Oracle9i and 10% Oracle10g right now.


mod_plsql is an oracle module for Apache. Let’s do it from A to Z.

I install HTTP server. In 10g, it is located on the companion cd and requires a separate oracle home.

I copy my tnsnames.ora in COMPANIONHOME/network/admin

Then, I configure COMPANIONHOME/Apache/modplsql/conf/dads.conf

&lt;Location /helloworld&gt;
  SetHandler pls_handler
  PlsqlDatabaseUsername         scott
  PlsqlDatabasePassword         tiger
  PlsqlDatabaseConnectString    LSC01

I create my procedure
create or replace procedure helloworld is begin htp.bold('hello world'); end;

I start my Apache server
$ORACLE_HOME/opmn/bin/opmnctl startproc ias-component=HTTP_Server

I open my browser
firefox http://localhost:7780/helloworld/scott.helloworld

So easy!


The seminar yesterday focused on SOA, Service Oriented Architecture. Teacher Michel Hascoët gave us an impressive demo with his notebook and JDeveloper; the SOA Workshop is usually taking four days, and for us he did it in one day.

Ok, first ADF. With JDeveloper, he created with just a few clicks a connection to a database, dropped two screens, one for browsing customers, one for editing a customer, and just by clicking “run”, the application started in a browser.

Later, we saw the BPEL process manager in JDeveloper. I have been quite impressed. Well, I am a vi man after all, and I am typically quite sceptical about click-click-click and it works. What is really sexy in the BPEL approach is that the application is built in a natural way. You just define process, like you would do “if (y==2)”, or “x=1” in vi, but in a good-looking fashion. At the end, the application is self-documented, and this is a real bonus, because the next developer in task for your project will understand your work immediatly.

As Michel pointed out, the key point to success is the data format. If you can exchange Data from one application to another, than building a new process is just a matter of a few clicks.

In the afternoon, we had a look at BAM, the Oracle Business Activity Monitor. This Windows tool (needs a windows server and an internet explorer client) let you build graphs and send alerts according to rules and sensors you can define in JDeveloper. Michel believes this tool will be rewritten by Oracle in a near future to comply with the OS strategy of Oracle, understand Java.

At the end of the day, we have been watching a OWSM demo. Oracle Web Service Manager is a security product for your application. Instead of connecting to your OC4J component directly (with http), you actually access a Proxy server, where you can eventually add authentication with a directory server like OID and authorization, than access the OC4J url, which can be behind a firewall.

Learn more :


I posted yesterday some of my aliases. My favorite (and most obfuscated) one is the following (for bash)

eval $(awk -F: '/^[+a-zA-Z]/{l=tolower($1); sub("^+","",l); print "alias "l"=47x="$2";PATH=${PATH//$ORACLE_HOME/$x}; ORACLE_HOME=$x; ORACLE_SID="$1"; echo ORACLE_SID="$1"; 47; "}' /etc/oratab 2&gt;/dev/null)

I am setting my path and a default sid/home in my .profile

[ -z "$ORACLE_SID" ] &amp;&amp; export ORACLE_SID=LSC01
export ORACLE_HOME=$(sed -n "s/:.$//;s/^$ORACLE_SID://p" /etc/oratab)
export PATH

Than in my eval command above set an alias for each line in /etc/oratab

# /etc/oratab

so here is the list of my dynamically generated aliases

alias asm1='x=/home/oracle/oracle/product/10.2.0/db_2; PATH=${PATH//$ORACLE_HOME/$x}; ORACLE_HOME=$x; ORACLE_SID=+ASM1; echo ORACLE_SID=+ASM1;'
alias crs='x=/app/oracle/product/10.2.0/crs; PATH=${PATH//$ORACLE_HOME/$x};ORACLE_HOME=$x; ORACLE_SID=crs; echo ORACLE_SID=crs;'
alias lsc01='x=/app/oracle/oracle/product/10.2.0/db_2; PATH=${PATH//$ORACLE_HOME/$x};ORACLE_HOME=$x; ORACLE_SID=LSC01; echo ORACLE_SID=LSC01;'
alias rac1='x=/home/oracle/oracle/product/10.2.0/db_2; PATH=${PATH//$ORACLE_HOME/$x}; ORACLE_HOME=$x; ORACLE_SID=RAC1; echo ORACLE_SID=RAC1;'
alias rac2='x=/home/oracle/oracle/product/10.2.0/db_2; PATH=${PATH//$ORACLE_HOME/$x}; ORACLE_HOME=$x; ORACLE_SID=RAC2;echo ORACLE_SID=RAC2;'

One alias I also like to set is a switch-user alias + keep settings and profile !
alias oracle='su - oracle -c "DISPLAY=$DISPLAY ORACLE_HOME=$ORACLE_HOME ORACLE_SID=$ORACLE_SID PATH=$PATH bash --rcfile ~lsc/.bashrc"'

I also have exotic, less recommendable, aliases…

alias +='sqlplus -L /'
alias -- -='cd -'
alias ..='cd ..'
alias ...='cd ../..'
alias ....='cd ../../..'
alias .....='cd ../../../..'
alias ......='cd ../../../../..'
alias .......='cd ../../../../../..'
alias ........='cd ../../../../../../..'

I also have a very handy function, called p

p() {
    sqlplus -L -s "/ as sysdba" &lt;&lt;EOF  | sed -n 's/@ //p'
set echo off lin 9999 trimsp on feedb off head off pages 0 tab off
col name for a25
select '@',name, value from v\$parameter2 where upper(name) like upper('%$1%');
P() {
    sqlplus -L -s "/ as sysdba" &lt;&lt;EOF  | sed -n 's/@ //p'
set echo off lin 9999 trimsp on feedb off head off pages 0 tab off
col name for a25
select '@',ksppinm name,ksppstvl value FROM x\$ksppi join x\$ksppcv using (inst_id,indx) where upper(ksppinm) like upper('%$1%');

so I can check the parameter directly from the shell

$ P shared_pool_size
_io_shared_pool_size      4194304
shared_pool_size          0
__shared_pool_size        83886080

I also use KSH sometimes, there I have a slicly different version of my aliases…

OCM preparation

The OCM 10g Upgrade is currently under development, and the OCM 10g exam should be available in May.

How will I prepare for the 10g OCM?

  • Part I, get confident with the environment :
    According to, the exam will be on redhat AS3 with DB RHAS3 is not free. If I had not RH in my company, I would then probably use WhiteBox Linux or a similar RedHat clone to get an environment as close as possible to the lab. It seems very important to me is to get the same terminals (Gnome) and the same Browser (Mozilla 1.6).

    I am trained to customized my environment within seconds. For example, I like to have a bookmark for 10G Book List, one for the Reference, one for SQL Reference, one for PL/SQL Packages Ref and one for RMAN Reference. So within one click, I can reach the appropriate book. I also like to shortcut most of my commands… I like to type pmon instead of ps -ef |grep ora_pmon and so I defined some aliases. I am able to define those below plus a few more obscure ones in less than one minute.

    alias abort='echo shutdown abort|sqlplus -L -s / as sysdba'
    alias alert='vi $ORACLE_HOME/admin/$ORACLE_SID/bdump/alert_$ORACLE_SID.log'
    alias nomount='echo startup nomount quiet|sqlplus -L -s / as sysdba'
    alias ora='cd $ORACLE_HOME'
    alias pmon='ps -ef | grep [p]mon'
    alias startup='echo startup quiet|sqlplus -L -s / as sysdba'
    alias sysdba='sqlplus -L / as sysdba'
    alias tns='cd $ORACLE_HOME/network/admin'

    I have read man vi until my eyes hurt. I have trained using GNOME keyboard shortcuts until my finger skin burnt.

    I have shortcut to set my oracle homes, and I am proficient with Unix commands.

    With the few commands I defined, I am able to do most maintenance tasks and to call the oracle binaries like sqlplus faster than Lucky Luke.

    I have read the SQL reference manual, the reference manual, and the RMAN reference manual.
    I can type in less than two minutes the complete syntax for creating a database. I am familiar with the most commonly used character sets. I can create tablespaces, add and remove files (well, removing logfile and tempfiles only in 10gR1).

    I have a bulletproof backup and recovery strategy. I know how to check critical ORA- message in the alert log, I can identify the missing files / directories on disk, I can recover from any error.

    I know -almost- every listener.ora, sqlnet.ora (except the security related ones), and tnsnames.ora. I can create sqlnet.ora, listener.ora, tnsnames.ora, start and stop my listener within one minute.

  • Part II, read the specification
    I print the documentation and I make sure I have understood the objectives. I try every scenario. In order to save time during the preparation, I am using scripts, so that I can generate a few databases quickly. For each scenario, I am generating errors. If you train with a collegue, try to generate the most surprising database corruption for your collegue at each scenario 😉

    There is a RAC scenario. I have received an Egenera blade to test Oracle Real Application Cluster, with up to 8 nodes. I documented in a previous post the steps I followed to install RAC on my notebook before receiving the Egenera hardware : Suse10 10gR2 Laptop Rac.

    … invest enough time … do not schedule it too early … search for articles in Oracle magazine

  • Part III, relax
    It is a nice challenge. Do sleep enough before the exam. Book a quiet hotel at least one day before. Do not work on the day before. Just rest.

  • Oracle Application Server

    One month ago, I attended an Oracle Application Server course in Geneva, Switzerland. We were a group of 3 students and the 5-days lesson has been extremly interesting and intense. Starting at 9am, we used to finish at 5:30pm or later.

    At LC Systems, we have a few customers using OAS, that is why I did jump into this non-database product cursus.

    As I experienced in the course, it is quite different from Oracle Database. Technically speaking, you do not need much database know-how to administer an application server.

    There are basically two parts. One is the Infrastructure. It contains a Directory Server (LDAP) which is stored physically on a database. As for the Grid Control, you can just click Next->Next->Next->Install to have it up and running (if you are lucky). You do not specify the size of the memory, the location of the files, the logging mode, nothing. Just the database passwords.

    The second part is called the Middle Tier. It contains a J2EE engine. There you can “hotplug” your application : portal, forms, reports, discoverer…

    The consistency, availability, backup strategy are not as clearly defined as in the db world I know. In the “online backup” mode, you should just hope that nothing is going to modify the xml configuration files at the time you edit them. If your file system is getting full of logs, it can well happen that your config file get truncated. If you think you are not modifying anything during the backup, it could well be Oracle itself that updates the xml files. What did also sound dubious to me is the point in time recovery. It sounds like : “Well, I will try to recover until time your repository with rman, and if I found your backup sets on the disk, it may work. If the config changed since that time, well, this is probably not the best thing to try…”

    The security concept made me hurl more than one time. For example Portal. There is a superuser called PORTAL in the Oracle Internet Directory (OID). To my surprise, you can see his database password in clear text in the OID. This user has, no joke, DBA role in the database. You can “revoke” the DBA role from PORTAL in the Application Server Console, but, believe me, it does not revoke the DBA at the db level. The mod_plsql enables you to encrypt passwords in files. This is a 2-ways encryption, I doubt the algorythm is very strong. The concept rather rely on “No one should ever log-in neither on the application server (with telnet) nor on the repository database (with sqlplus).

    This morning I passed my 1Z0-311 exam with success (0 error).