Page 2
Email
Print
Kelly Cox, an Oracle DBA who runs a consultancy in Alexandria, Va., was also pleased to hear that soon she could access a single view, as opposed to dealing with Oracles current multiplicity of auditing tables. "That table structure of auditing, it doesnt take long to figure out, but DBAs have enough on their plate without having to learn a whole new structure," she said.
Another feature of the future OEM will be the ability to not only track what patches have been applied but also to automatically link to Oracle Support Services OracleMetaLink, an online support feature for Oracle customers. This will allow DBAs, when logging on, to automatically receive patches.
Thats yet another thing thats been sorely needed in database security, according to Aaron Newman, chief technology officer and co-founder of Application Security Inc., a New York-based provider of database security technology. "A typical DBA doesnt have one or two servers—they track 50," he said. "So it helps to have a tool help them go across 50 servers to find out what patch was applied where. A tool like that is pretty necessary, not only for security but for data corruption issues."
Such sentiments in support of overburdened DBAs come on the heels of the discovery of a major vulnerability in Oracle databases last Tuesday. The unchecked buffer overflow vulnerability allows virtually any Oracle user to perform the "create database link" task—a privilege assigned to the "connect" role by default.
Oracles patch is available on OracleMetaLink to paying support customers. For others, Newman suggested that a workaround would be to revoke the "create database link" from the account of any untrusted user or from those users who dont absolutely need it.
Latest Oracle News:
