lock system, restrict dbsnmp

An unlocked user is a security problem. Currently, all my unlocked users have only CREATE SESSION as system privilege, evtl ALTER SESSION. Except SYS, SYSTEM and DBSNMP To minimize this security problem, I implemented the following strategy on my test system. 1) delete password file, set remote_login_passwordfile=NONE, O7_DICTIONARY_ACCESSIBILITY=FALSE 2) alter user SYSTEM account lock; 3a) […]

new metalink interface

I just discovered that new interface today. Hopefully, my old bookmarks still work. I did not find the “Tar” button. Well, it is now named “Service Request”. I tried the ORA-600 lookup tool, Doc id 153788.1 but it does not work today, both Firefox and Explorer failed. MS Explorer reports a Java Script error. document.forms.0.tool_type.value […]

sys_connect_by_path in 8i or the danger to use undocumented parameters…

I have been posting on metalink technical forum about a query that I run against all my test databases but did not work in production. as it simpliest form select sys_connect_by_path(dummy,’:’) from dual connect by 1=2; well, there is nothing wrong with this query. I tried it on 8i, 9iR2, 10gR1 10gR2 and it worked […]

Tom Day 3 : read consistency, transparent data encryption, dbms_advanced_rewrite

Day 3 concludes the Tom workshop in Switzerland. We started with read consistency and write consistency, with an interesting example were a single row update could make a big job run thrice slower, because of the write consistency. Once again, Tom insist on saying that you must understand Oracle to write applications. Tom demonstrates a […]

encrypted listener password

There a few major changes in the database administration and the database security between 9i and 10g. In 9i, I used to grep in the listener.ora to find out the password. LISTENER_LSC61 = (DESCRIPTION=(ADDRESS_LIST= (ADDRESS=(PROTOCOL=TCP)(HOST=dbsrv85a.ex.zkb.ch)(PORT=10061)(QUEUESIZE=200)) )) PASSWORDS_LISTENER_LSC61 = 1234567890ABCDEF this 64bit encrypted string can be used in 9i to stop the listener $ lsnrctl LSNRCTL […]

add_years and years_between

I just wrote those two functions add_years and years_between they work similary to add_months and months_between, with the exception of leap years. there is exactly 1 year between 28-feb-2003 and 28-feb-2004 there is 1.00273224 year (1+1/366) between 28-feb-2003 and 29-feb-2004 there is 0.99726776 year (1-1/366) between 29-feb-2004 and 28-feb-2005 there is exactly 1 year between […]