Since the last quarter of 2016, a very easy-to-exploit SQL injection has been public: with the combination CREATE SESSION + EXECUTE_CATALOG_ROLE, a user could escalate their privileges to DBA. The first time I read about this leak was on Mahmoud Hatem's blog. This SQL injection affects 12.1.0.2 and 12.2.0.1 when the user has this …
January 2018 archive
Jan 23
Dissecting 180116 BP, PSU, RU and RUR
Since Oct-2017 I have been writing a quarterly post dissecting the changes implemented by Oracle CPUs so we can better understand the modifications implemented by Oracle in our databases. So what Oracle internal objects were changed in 180116?
VERSION              PATCH      OWNER                          TYPE                                TOTAL
-------------------- ---------- ------------------------------ ------------------------------ ----------
11.2.0.4             PSU & BP   SYS                            PACKAGE                                 1
11.2.0.4 …
Jan 22
Implementing Oracle Connection Manager with High Availability
One of the biggest problems we have in Oracle Cloud Infrastructure Classic is that when you provision an ExaCS you cannot assign "IP Network" addresses (also known as private IPs, e.g. 10.x.x.x) to your ExaCS machine. That being said, you have only 2 options if you want to connect your applications in Compute Classic (as …
Jan 09
Oracle Cloud Ashburn x Chicago bandwidth test
Recently I had to implement an Oracle Cloud "IAAS Classic" solution for databases and applications with DR environments, considering the primary region as Ashburn (uscom-east-1) and the standby region as Chicago (uscom-central-1). To make both regions talk securely over the internet, I had to implement a VPN connection between both regions. Before starting everything, …