Oracle Simplifies Data View

Oracle Corp.s plan to offer a single-browser-based view in its Oracle Enterprise Manager is being greeted with glee by users, particularly in light of a major Oracle database vulnerability discovered late last month.

Oracle, at the International Oracle User Group conference in Orlando, Fla., late last month, outlined its vision of a self-managing database that depends on an enhanced version of OEM.

This upgrade, due with the next release of Oracle Application Server this summer, will allow database administrators to see information from all databases, as opposed to being forced to monitor and manage each system, said officials at the Redwood Shores, Calif., company.

The consolidated OEM view may fill a hole in Oracles database security interface, said Jim Wolff, a senior DBA and manager for MIS operations at Space Gateway Support, Kennedy Space Center, Fla.

“As a DBA working with Oracle products since about 1988, [Id say] they have good security for the most part, but everything has vulnerabilities,” Wolff said. “Where [Oracle is lacking] is in the ability to provide for an easy-to-use interface for the DBAs to monitor auditing and those kinds of things.”

Currently, those activities take a large bite out of DBAs time, Wolff said. “You have to develop your own scripts and interfaces,” he said. “Thats a really big hole.”

Another feature of the OEM upgrade will be the ability to not only track what patches have been applied but also to automatically link to Oracles online support site, OracleMetaLink. This will allow DBAs to automatically receive patches.

Thats yet another thing thats been sorely needed in database security, according to Aaron Newman, chief technology officer and co-founder of Application Security Inc. “A typical DBA doesnt have one or two servers—they track 50,” said Newman, in New York. “So it helps to have a tool to help them go across 50 servers to find out what patch was applied where. A tool like that is pretty necessary, not only for security but for data corruption issues.”

Oracle DBAs have had enough on their hands patching a major vulnerability in Oracle databases that came to light late last month. The unchecked buffer overflow vulnerability allows virtually any Oracle user to perform the “create database link” task—a privilege assigned to the “connect” role by default. A patch for the vulnerability, which occurs in many versions of the Oracle database from Version 7 to the present 9i Release 2, is available on OracleMetaLink.