Security Blogs

20 Years of Securing Data in Oracle Databases

Pete Finnigan - Thu, 2023-02-09 07:46
This Sunday, the 12th of February 2023, is the 20th anniversary of the formation of my company Limited. Wow, 20 years has gone so fast and its appropriate to take stock and see where we have been and how....[Read More]

Posted by Pete On 09/02/23 At 10:48 AM

Categories: Security Blogs

Looking for GRANT ALL on objects

Pete Finnigan - Fri, 2022-10-21 15:26
This is the second part of the GRANT ALL on objects post that I made recently. This final look at this issue covers a simple SQL script that can be used to locate common objects where GRANT ALL has been....[Read More]

Posted by Pete On 21/10/22 At 10:14 AM

Categories: Security Blogs

Adding Scripting Languages to PL/SQL Applications - Part 1

Pete Finnigan - Sat, 2022-10-01 01:06
That is an interesting title. PL/SQL is a scripting language so why would I want to talk about adding another scripting language to PL/SQL or even adding a compiler to PL/SQL. First what possibilities are there? PL/SQL can be used....[Read More]

Posted by Pete On 30/09/22 At 12:49 PM

Categories: Security Blogs

Granting ALL on Database Objects

Pete Finnigan - Tue, 2022-08-09 09:06
I was asked by a friend a few days ago a few questions related to the granting of ALL on a database object such as a table or a PL/SQL package. For example - GRANT ALL ON OWNER.TABLE TO DAVE....[Read More]

Posted by Pete On 09/08/22 At 12:46 PM

Categories: Security Blogs

Do You Worry Your Companies data is Being Stolen?

Pete Finnigan - Fri, 2022-08-05 13:26
The number of data breaches is seemingly growing daily and a lot of companies worry that they could be the next statistic of misery and embarrassment. Do you lose sleep worrying that your company could be breached and its data....[Read More]

Posted by Pete On 05/08/22 At 12:47 PM

Categories: Security Blogs

Searchlight a Product to Make Finding Data Easy

Pete Finnigan - Fri, 2022-07-29 16:26
Do you need to comply with GDPR and protect personal data but have no idea where to start to locate that data? Searchlight; is a tool to find your data . Limited have become the reseller for a great....[Read More]

Posted by Searchlight On 29/07/22 At 11:22 AM

Categories: Security Blogs

Oracle Security - Hidden Grant When Create a Role and Revoke in a CDB

Pete Finnigan - Tue, 2022-06-07 18:26
I am keen to reduce grants made in any customers database. One area we can focus on is this curios state of affairs that the creator of a role in the Oracle database is also granted that role as part....[Read More]

Posted by Pete On 07/06/22 At 10:31 AM

Categories: Security Blogs

Adaptive Database Auditing and Security

Pete Finnigan - Wed, 2022-05-25 19:06
We are working with customers to design security for their Oracle databases and also to help and design audit trails. An audit trail is the easiest countermeasure or control that can be added to a database because if you do....[Read More]

Posted by Pete On 25/05/22 At 07:38 PM

Categories: Security Blogs

The challenges of securing data in an Oracle database

Pete Finnigan - Wed, 2022-05-11 07:06
I will be doing a talk at an even in Eight Members Club Bank, 1 Change Alley, London,EC3V 3ND on the 14th June 2022. The event runs from 8am to 10am. The event is free to attend and to register....[Read More]

Posted by Pete On 11/05/22 At 10:04 AM

Categories: Security Blogs

Add License Checks Anywhere in your PL/SQL

Pete Finnigan - Thu, 2022-03-31 01:46
Our product PFCLObfuscate allows dynamic obfuscation of PL/SQL. The original use of this in the product was to add licensing automatically to PL/SQL. This is similar to products that protect binaries such as C programs or DLLs. It is common....[Read More]

Posted by PFCLObfuscate On 30/03/22 At 05:31 PM

Categories: Security Blogs

Software from Building Blocks - Fast Development - One Month Projects

Pete Finnigan - Tue, 2022-03-22 16:26
More than 20 years ago I was working away from home and was in a loud restaurant / bar in London and chatting to colleagues there and we were all talking about ways to make money and ideas. I proposed....[Read More]

Posted by Pete On 22/03/22 At 06:33 PM

Categories: Security Blogs

Make Pete Finnigan a remote expert part of your team

Pete Finnigan - Thu, 2022-03-10 10:06
Over the last few years I have personally been asked many times to come and work full time in large companies to head up or direct their Oracle security efforts or more general database security efforts. Others ask us to....[Read More]

Posted by Pete On 10/03/22 At 01:40 PM

Categories: Security Blogs

Do we Need to Revoke PUBLIC from a User?

Pete Finnigan - Wed, 2022-03-02 18:46
I was having a discussion a couple of weeks ago with a friend and he said that in the company he is working at the Oracle database security standard / guide that they are working to told them that they....[Read More]

Posted by Pete On 02/03/22 At 02:37 PM

Categories: Security Blogs

Strong Passwords with Oracle Wallets

Pete Finnigan - Wed, 2022-02-23 22:06
I get involved a lot in recent years with Oracle SSL, TLS, TCPS, Kerberos and more. A lot more customers now are trying to use stronger database authentication as well as TLS/SSL encryption and many other features such as full....[Read More]

Posted by Pete On 23/02/22 At 02:01 PM

Categories: Security Blogs

How I Write an Oracle Security Training Course

Pete Finnigan - Tue, 2022-02-15 12:26
I mentioned a couple of weeks ago on Social media and also briefly in a blog post here that I am writing a new two day class "Oracle Database Vault Deep Dive". That is the working name at the moment....[Read More]

Posted by Pete On 15/02/22 At 11:17 AM

Categories: Security Blogs

Happy 19th Birthday Limited

Pete Finnigan - Sat, 2022-02-12 11:06
Just a short blog to wish my company Limited a happy 19th birthday. 19 years ago today, the 12th February 2003: I registered and launched the company 19 years ago to specialise in all things Oracle security. We focus....[Read More]

Posted by Pete On 12/02/22 At 09:50 AM

Categories: Security Blogs

Pete, Did You Deliver The Wrong Product?

Pete Finnigan - Thu, 2022-02-10 22:26
We sell a number of software products aimed at helping secure data in an Oracle database and we get this issue / point / question coming up from time to time. Yesterday morning I got an email from a customer....[Read More]

Posted by PFCLScan On 10/02/22 At 02:21 PM

Categories: Security Blogs

How do we Train Staff to do Oracle Security?

Pete Finnigan - Tue, 2022-02-08 15:26
I am asked this question comes up a lot and indeed this morning on a webex it came up again so I decided to discuss this question here. I started in this Oracle Security space a very long time ago....[Read More]

Posted by Pete On 08/02/22 At 02:21 PM

Categories: Security Blogs

Looking Forwards To 2022!!

Pete Finnigan - Fri, 2022-02-04 01:26
NOTE: I wrote this post back in January and then just after posting it the web server crashed. So, I guess a small number of people may have seen it before. It is essentially the same post now except for....[Read More]

Posted by Pete On 03/02/22 At 02:13 PM

Categories: Security Blogs

Log4j Vulnerabilities Impact On Oracle E-Business Suite - Updated Information

Multiple significant security vulnerabilities (CVE-2021-44228, CVE-2021-45046, and CVE-2021-4104) have been disclosed and patched in the popular Java logging library Apache Log4j.  This library is installed in Oracle E-Business Suite (EBS) environments and these vulnerabilities may be exploitable in your environment depending on Oracle EBS version, Oracle EBS patches applied, and customizations or third-party products.

On December 15th, Oracle has changed the remediation with the disclosure of the most recent Log4j security vulnerability (CVE-2021-45046) as the initial recommended fix was not complete.

Integrigy has completed a detailed analysis on the impact of these Log4j security vulnerabilities on Oracle E-Business Suite and you can access this analysis here -

Integrigy Log4j Vulnerabilities Impact on Oracle E-Business Suite Analysis

Integrigy's products AppDefend and AppSentry does not use the Log4j library, therefore, are not vulnerable to this security bug.

Please let us know if you have any questions regarding this security vulnerability at

Vulnerability, Oracle E-Business Suite
Categories: APPS Blogs, Security Blogs


Subscribe to Oracle FAQ aggregator - Security Blogs