Page 3

By John Pallatto  |  Posted 2004-09-02 Print this article Print

Oracle users also need to work more closely with Oracle. Its better for Oracle users to work the companys security experts to solve these problems "rather than stand up at a conference to announce to the world" about the discovery of new security loophole." said Niemiec, who is also former president of the International Oracle Users Group.

It doesnt help to publicly disclose these loopholes before Oracle has a chance to develop and release a fix. "If you really want to help, you are going to take it to [Oracle] first," he said.

Another database administrator said he didnt believe there was a major concern that Oracle databases were highly insecure before the patches were released this week.

"The patches are important, but doesnt mean the database isnt secure," said Craig Read, IT director at M-Trilogix Inc., an enterprise software provider based in Toronto. Oracle has "a secure product [and] a good team working on security issues," said Read, who is also president of the Toronto Oracle Users Group.

However, he believes that Oracle could be more proactive about getting information out on a more timely basis. For example, Read said Microsoft Corp. has done a better job of alerting customers about vulnerabilities in Windows and about the patches to fix them.

"Oracle is very much reactive now," Read said. But this major patch release "is the first step in the right direction" that gives Oracle a chance to be more proactive at tracking security vulnerabilities and fixing them on a regular basis.

He also suggested that this is a good time for Oracle to tone down the marketing rhetoric that its database is the most secure and the best in the world. "People are tired of that," Read said. It would be better if Oracle just continues to acknowledge security problems when it finds them and promptly issues a patch. "People would appreciate that more than just saying, We are unbreakable, " Read said.

Check out eWEEK.coms Enterprise Applications Center at for the latest news, reviews and analysis about productivity and business solutions.

Be sure to add our enterprise applications news feed to your RSS newsreader or My Yahoo page

John Pallatto John Pallatto is's Managing Editor News/West Coast. He directs eWEEK's news coverage in Silicon Valley and throughout the West Coast region. He has more than 35 years of experience as a professional journalist, which began as a report with the Hartford Courant daily newspaper in Connecticut. He was also a member of the founding staff of PC Week in March 1984. Pallatto was PC Week's West Coast bureau chief, a senior editor at Ziff Davis' Internet Computing magazine and the West Coast bureau chief at Internet World magazine.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel