Pete Finnigan

Subscribe to Pete Finnigan feed Pete Finnigan's weblog is the only weblog dedicated to Oracle security.
Updated: 15 hours 23 min ago

Oracle Security Blog Posts

Mon, 2018-12-24 00:26
I teach many training classes on Oracle security to lots of students worldwide both on-site and on-line and one area I often cover quote briefly is where can you find more information or keep up to date on Oracle security....[Read More]

Posted by Pete On 23/12/18 At 05:53 PM

Categories: Security Blogs

Virtual Patching or Good Security Design instead?

Wed, 2018-12-19 10:46
I got an email from someone recently who asked me about virtual patching for Oracle as they were running an out of date version of Oracle and were thinking that virtual patching maybe a good solution to make their database....[Read More]

Posted by Pete On 19/12/18 At 01:32 PM

Categories: Security Blogs

Oracle Privilege Analysis Now Free in EE from 18c and back ported to all 12c

Wed, 2018-11-21 05:06
Wow!!, i just got an email from someone in Oracle to let me know that the Privilege Analysis feature of Database Vault has had its licensing changed from this week to now be free as part of an Enterprise Edition....[Read More]

Posted by Pete On 20/11/18 At 10:06 PM

Categories: Security Blogs

Super Lock an Oracle Database

Thu, 2018-11-15 02:26
I started this blog post a few weeks ago and kept adding to it from time to time but I have been incredibly busy helping people secure data in their Oracle databases that it has taken a long time to....[Read More]

Posted by Pete On 14/11/18 At 02:20 PM

Categories: Security Blogs

Oracle Core Audit - Do you Audit your Core database engine for breach?

Sat, 2018-09-15 20:26
Oracles core database audit is a useful tool to monitor activity of the core database engine or applications and detect potential abuses. It seems to be a sad fact that with a lot of companies that i visit and from....[Read More]

Posted by Pete On 15/09/18 At 08:28 AM

Categories: Security Blogs

Oracle Security Training by Pete Finnigan in 2018

Thu, 2018-07-19 19:46
Are you worried about the data in your databases being stolen? GDPR has just become law across the EU and the UK and affects business in other countries that process EU citizens data. Maybe you store and process credit card....[Read More]

Posted by Pete On 19/07/18 At 02:04 PM

Categories: Security Blogs

Oracle Can Generate 6 Password Hashes When a User is Added or Password Changed in and Above

Wed, 2018-06-13 22:46
In a database it's possible that Oracle generates 6 different password hashes for one password for one user under certain circumstances when a password is changed or created (user is created). I will layout the 6 different ones first....[Read More]

Posted by Pete On 13/06/18 At 09:02 PM

Categories: Security Blogs

Need Help with Oracle Security GDPR Training and Services

Sun, 2018-06-10 02:46
I talked here a few days ago about GDPR in general and I also published my slides from my talk GDPR for the Oracle DBA . We have been helping clients secure data in their Oracle databases and training people....[Read More]

Posted by Pete On 09/06/18 At 04:33 PM

Categories: Security Blogs


Thu, 2018-06-07 19:46
The ability to make grants on objects in the database such as tables, views, procedures or others such as SELECT, DELETE, EXECUTE and more is the cornerstone of giving other users or schemas granular access to objects. I say granular....[Read More]

Posted by Pete On 07/06/18 At 06:58 PM

Categories: Security Blogs


Thu, 2018-06-07 01:26
I posted a couple of days ago my slides from the recent UKOUG Northern Technology day in Leeds where I spoke about GPPR for the Oracle DBA. I said then that i am also preparing a service line for helping....[Read More]

Posted by Pete On 06/06/18 At 03:10 PM

Categories: Security Blogs

GDPR for the Oracle DBA

Mon, 2018-06-04 18:26
I did a talk at the recent UKOUG Norther Technology Summit in Leeds, UK on May 16th. This talk was an enhanced version of the one i did at the UKOUG tech conference in Birmingham in December 2017 to a....[Read More]

Posted by Pete On 04/06/18 At 08:40 PM

Categories: Security Blogs Limited Printed Oracle Security Training Manuals for Sale

Mon, 2018-06-04 00:06
Over the last year or so we have offered for sale left over printed manuals from some of our training courses. Normally we only print the manuals for classes that we organise for in person training such as the classes....[Read More]

Posted by Pete On 03/06/18 At 01:47 PM

Categories: Security Blogs

Oracle Security Training In York, UK, 2018

Sun, 2018-06-03 05:46
I have just updated our public training dates page to add two new dates for Oracle Security training classes that I will be running here in York, UK. We now have 4 dates covering three available classes. These are as....[Read More]

Posted by Pete On 02/06/18 At 06:54 PM

Categories: Security Blogs

Running Code as SYS From Another User not SYSDBA

Wed, 2018-05-23 13:06
I have been embroiled in a twitter thread today about the post i made in this blog yesterday around granting privileges to a user and who should do the granting. Patrick today asked a further question: How do you make....[Read More]

Posted by Pete On 22/05/18 At 08:42 PM

Categories: Security Blogs

Who Should Grant Object Rights?

Wed, 2018-05-23 13:06
Patrick Jolliffe posted a question via a tweet back in April but due to personal health pressures with a close relative of mine I have not had the time to deal with much over the last few months. I did....[Read More]

Posted by Pete On 21/05/18 At 07:08 PM

Categories: Security Blogs

Oracle 18c Security utl_file_dir and schema no authentication

Tue, 2018-05-08 06:26
I have managed to build an 18c database this weekend to test and learn on. I have not had a massive time to look into 18c yet but I will do over the coming days and weeks. The new features....[Read More]

Posted by Pete On 07/05/18 At 09:10 PM

Categories: Security Blogs

New Oracle Security Public Training Dates Available

Fri, 2018-04-13 19:46
Due to some very critical close family health issues in the last few months I have delayed advertising any public training dates this year for my Oracle Security classes as I have had to be available for family support during....[Read More]

Posted by Pete On 13/04/18 At 10:10 AM

Categories: Security Blogs

Training Class Manuals For Sale

Tue, 2018-03-06 14:26
I have previously offered spare printed training manuals last year for sale here and these were snapped up. I have just found one manual for my two day class - how to perform a security audit of an Oracle database....[Read More]

Posted by Pete On 06/03/18 At 02:51 PM

Categories: Security Blogs

Pete Finnigan Presented About Oracle Database Vault and Oracle Security

Fri, 2018-02-16 07:06
I have not added much here on my site for some time due to a serious health issue taking a lot of my time with a close family member. So please bear with me if you email or contact me....[Read More]

Posted by Pete On 15/02/18 At 08:44 PM

Categories: Security Blogs

Grant DBA to yourself - exploit or not?

Wed, 2017-10-11 10:26
Yesterday Peter from the Master of Disaster Blog sent me an email to ask if I had seen the issue in his post before and whether it was a new exploit. I looked at the post and immediately recognised that....[Read More]

Posted by Pete On 11/10/17 At 12:06 PM

Categories: Security Blogs