Mark Rittman's Oracle Weblog
This is the weblog for Mark Rittman, a developer working on Oracle Data Warehousing technology based in Brighton, England. You can contact me at mark@rittman.net.
        

28 September 2003

I've just come across Pete Finnigan's website, where he's put together an excellent set of links through to Oracle security papers written by himself and other third parties. One particularly interesting paper is on Detecting SQL Injection In Oracle, a bit of a 'hot topic' these days, summed up as:

"SQL Injection is a way to attack the data in a database through a firewall protecting it. It is a method by which the parameters of a Web-based application are modified in order to change the SQL statements that are passed to a database to return data. For example, by adding a single quote (‘) to the parameters, it is possible to cause a second query to be executed with the first."

Some other useful papers available on the site include "An Introduction To Simple Oracle Auditing", "Exploiting And Protecting Oracle", and "A Simple Oracle Security Scanner". Pete specializes in Oracle Security and offers a detailed security audit of Oracle databases, details of which are on the website homepage.


1:21:50 PM    

Oracle don't release specifics about forthcoming product releases until just before the product gets launched, but if you take a look through the OTN OWB Forum there's a few clues emerging about what's coming up in the next major release of OWB, codenamed 'Paris' and due in Q2 2004. From what I understand, this is the version after the first OWB 10g release, and it'll be as different from OWB 9.2 as 9.2 was from 9.0.3.

First up is potential support for reusable mappings, similar to a feature in Informatica where elements of existing mappings can be cut and pasted into new mappings. Next is set-based updates, a complement to the existing (and less efficient) bulk row-based updates found in current versions of OWB.

The Paris release may well contain an Oracle Streams mapping operator, which will allow OWB to take advantage of the 'change data capture' mechanism that's been in Oracle since 9i was released. However, one feature it's unlikely to have is an 'enable/disable indexes' operator, a feature that'd be more than welcome as it's a bit of a strange omission from an Oracle ETL tool.

All credit to the OWB product team who are keeping us informed as to future directions for the product; you're much more willing to invest time in working with OWB if you've got a good dialog with the product developers, and you've got a feel for where OWB's going. Thanks guys.


12:46:26 PM    

"We are trying to decide which reporting tool to use. What are some of the differences between Oracle Reports and Discoverer?"


10:26:38 AM    

© Copyright 2003 Mark Rittman.
 