Oracle Patches and Database Security

Oracle has had its share of security issues, to say the least, but came out this week with an astounding 51 patches.

In honor of the occassion, I've added several links to my web site about database security:

• Database Security
• Common Sense
• About Databases

These are two outstanding sites about Oracle security, in particular:

• Pete Finnigan
• O'Reilly Oracle Security Book

The Finnigan site has a blog with current issues and vulnerabilities, tools, articles and just tons and tons of stuff devoted entirely to Oracle security. The O'Reilly site is badly dated -- it's sample chapter from their out-of-print classic -- but it still has some general information about Oracle security that might be of interest.

There's also two books about database security, one currently available from Amazon and the other scheduled for release by the end of this month.

• The Database Hacker's Handbook
• The Oracle Hacker's Handbook

And, of course, to state the obvious, besides all the above technical controls specifically for databases, any database server should be hardened like any other server with limited access, up-to-date patches, unneeded services and ports turned off, and sufficient firewall, and anti-malware protection.