Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Thread Tools Display Modes
  #1   (View Single Post)  
Old 15th February 2011
J65nko J65nko is offline
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,510
Default Oracle releases database firewall

From http://www.h-online.com/security/new...l-1189611.html

The product uses white lists and black lists containing permitted and prohibited SQL commands. Statements that are not included in the white list can be blocked, substituted or simply logged by the firewall.

In a white paper, Oracle suggests using substitutions as the default operation as this will provide attackers with as little information as possible. For example, instead of SELECT * FROM table the firewall could execute SELECT * FROM table WHERE 'a'='b' which doesn't return any records. Similarly, instead of DROP TABLE table, if the command SELECT * FROM xxx was used it would make the database attempt to access a non-existent table and trigger an error message.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Oracle releases first VM VirtualBox 4.0 update J65nko News 0 19th January 2011 10:19 PM
Oracle releases VM VirtualBox 4.0 - Update J65nko News 0 24th December 2010 12:29 AM
Oracle releases VM VirtualBox 4.0 Beta 3 J65nko News 0 16th December 2010 10:34 PM
Oracle releases VM VirtualBox update J65nko News 0 10th August 2010 05:48 PM
Oracle releases VM VirtualBox 3.2.0 J65nko News 0 19th May 2010 09:49 PM

All times are GMT. The time now is 07:56 AM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick