Tuesday, March 24, 2015

Application Security - Database (Oracle)

more links on Application Security - Database (Oracle)

Monday, October 6, 2014

General links (Life beyond Oracle)

Hadoop FAQ – But What About the DBAs?

A few pages For MongoDB

A few pages for Ingres (INteractive Graphics REtrieval System)

A few pages for PostgreSQL

A few pages For SQL SERVER

A few pages for Powershell

A few pages for MySQL

A few pages for AWS

Tuesday, July 22, 2014

Here are a few links/pages for new/beginner DBAs

System Administration/ Unix Scripts

Monitoring CPU output on Solaris and report in excel
tail and grep tools for DBA
Good Linux / Unix System Admin Commands for DBA
Check Hardware configuration of Linux Box
grep next / previous few lines of key word
Collect and report Linux System Activity Information with sar
cpu vs core vs sockets - calculation 
Useful Shell commands and Scripts


Oracle Golden Gate

 

Oracle DBA 

RAC , ASM

Check the distribution of session on all the nodes 

 

SQL, PL/SQL , Automation

To put all the datafiles of the database or a tablespace in autoextend mode
Move table and dependent LOB to other tablespace
Converting Numbers to millions and more ...
Historical growth of tablespace
for the 1st time database users - How to start the database
Adding name of the table in the output from multiple tables

Performance Tuning

Explain plan for SQLs
Locks and Waits
Analyzing a Statspack Report
Schedule snapshot collection in Statspack reports
Local Indexes for Partitioning
Check maximum memory utilization for oracle Database
Identify Top CPU / Memory intensive process and map to corresponding Oracle Process/ Session
Identify Oracle Process ID and related SQL
check fragmentation of table
Identify session waiting on enq: TX - row lock contention 
Identify Sessions using an Object/ many Objects 
Detection of Deadlock errors and investigation

General

Oracle DBA Interview Questions
Oracle 11gr2 Database Reference
Configure FGA ( Fine Grain Auditing)
Favorite Oracle Metalink Notes
Renaming table: How does that affect the associated objects?
How to read Alert and Listener logs from SQLPLUS
Resize datafile and enable autoextend
Check Object Inventory & recently created objects
Life Without AWR
Stopping Oracle Services on Windows
Startup failure ORA-00845: MEMORY_TARGET not supported on this system
Check Tablespace Utilisation

Weblogic

FAILED_NOT_RESTARTABLE in WebLogic Server 11g

Performance Testing

Wednesday, November 3, 2010

Cloud Computing

This page gives a brief overview of cloud services.

The following are some commonly used terms:
Cloud Computing (wikipedia)
Broadly, servers, virtualisation software, networking and storage are required to form a cloud. The following components form a complete cloud:
· Scalable, powerful and cheap servers
· Integrated, virtualised, and hugely scalable storage
· Virtualised 10GbE network switching infrastructure
· Fibre Channel over Ethernet capability to link servers and storage across Ethernet
· Disaster recovery capabilities
· Service-quality tracking and control
· Management of a virtualised data centre
Cloud architecture was used by Web 2.0, but because of changing economies more enterprises are adopting it for its pay-per-usage model. Virtualization enables a cloud to offer more services than it could without virtualization, e.g. PaaS.
Private Cloud
A smaller cloud than a conventional one. It is a set of cloud-like IT systems within a firewall, offering similar services but to a closed internal network. A private cloud can be expanded to contain resources from within an enterprise (on premise) as well as from an external cloud (off premise).
Public Cloud
A cloud available to anyone over the internet. Examples are Amazon Elastic Compute Cloud (EC2), IBM's Blue Cloud, Sun Cloud, Google AppEngine and Windows Azure Services Platform.
Service Provider
Entity providing cloud services to others.
Subscriber
Entity consuming a cloud service.
Cloud Services
There are various cloud services:
Infrastructure as a Service (IaaS) (wikipedia)
The service user gets infrastructure to run applications without spending on hardware (saving CapEx), e.g. a configured VM.
Platform as a Service (PaaS) (wikipedia)
The service user gets a platform to develop/run applications on the cloud without spending on cloud infrastructure, e.g. Azure, Google AppEngine, Force.com
Software as a Service (SaaS) (wikipedia)
The service user gets software to use without spending on software licenses and hardware, e.g. eXpresso, Google Apps
Storage as a Service (STaaS)
The service user gets storage to use without spending on storage hardware, e.g. Synaptic, Mozy, Box.net; T-systems, BT, etc. also offer storage services for enterprises.
NOTE: The Synaptic service is offered by AT&T, a telco. It makes perfect sense for a telco to offer such a service because it already has the network to deliver the service. So, it can offer better value for money to subscribers.

New Security Features in Oracle 11g

Finding User Accounts That Have Default Passwords

When you create a database in Oracle Database 11g Release 1 (11.1), most of its default accounts are locked with the passwords expired. If you have upgraded from an earlier release of Oracle Database, you may have user accounts that have default passwords. These are default accounts that are created when you create a database, such as the HR, OE, and SCOTT accounts.
For greater security, change the passwords for these accounts. Using a default password that is commonly known can make your database vulnerable to attacks by intruders. To find both locked and unlocked accounts that use default passwords, log on to SQL*Plus using the SYSDBA privilege and then query the DBA_USERS_WITH_DEFPWD data dictionary view.
For example, to find both the names of accounts that have default passwords and the status of each account:

CONNECT SYS AS SYSDBA
Enter password: password

SELECT d.username, u.account_status
FROM DBA_USERS_WITH_DEFPWD d, DBA_USERS u
WHERE d.username = u.username ORDER BY 2,1;

USERNAME  ACCOUNT_STATUS
--------- ---------------------------
SCOTT     EXPIRED & LOCKED

Then change the passwords for any accounts that the DBA_USERS_WITH_DEFPWD view lists. Oracle recommends that you do not assign these accounts passwords that they may have had in previous releases of Oracle Database.

Automatically Locking a User Account After a Failed Login

Oracle Database can lock a user's account after a specified number of consecutive failed log-in attempts. You can set the PASSWORD_LOCK_TIME user's profile parameter to configure the account to unlock automatically after a specified time interval or to require database administrator intervention to be unlocked. The database administrator also can lock accounts manually, so that they must be unlocked explicitly by the database administrator.
You can specify the permissible number of failed login attempts by using the CREATE PROFILE statement. You can also specify the amount of time accounts remain locked.
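
The lockout settings described above, as an added example that is not part of the original page. The profile name APP_LOCKOUT, the account APP_USER, and the limits of 5 attempts and one hour are assumptions chosen for illustration.

```sql
-- Added example. Hypothetical names: profile APP_LOCKOUT, account APP_USER.
-- Lock the account after 5 consecutive failed logins and unlock it
-- automatically after one hour. PASSWORD_LOCK_TIME is expressed in days,
-- so 1/24 means one hour.
CREATE PROFILE app_lockout LIMIT
  FAILED_LOGIN_ATTEMPTS 5
  PASSWORD_LOCK_TIME    1/24;

-- A profile has no effect until it is assigned; accounts otherwise stay
-- on the DEFAULT profile.
ALTER USER app_user PROFILE app_lockout;

-- Confirm the limits that are now in force for the profile.
SELECT profile, resource_name, limit
FROM   dba_profiles
WHERE  profile = 'APP_LOCKOUT'
AND    resource_name IN ('FAILED_LOGIN_ATTEMPTS', 'PASSWORD_LOCK_TIME')
ORDER  BY resource_name;

-- Review locked accounts. LOCKED(TIMED) means the lock came from failed
-- logins; plain LOCKED means an administrator locked the account.
SELECT username, account_status, lock_date, profile
FROM   dba_users
WHERE  account_status LIKE '%LOCKED%'
ORDER  BY lock_date;

-- Manual lock and explicit unlock by the database administrator.
ALTER USER app_user ACCOUNT LOCK;
ALTER USER app_user ACCOUNT UNLOCK;

-- Alternative to the timed unlock: require administrator intervention.
-- ALTER PROFILE app_lockout LIMIT PASSWORD_LOCK_TIME UNLIMITED;
```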

Password Case Sensitivity

In previous releases of Oracle Database, passwords were not case sensitive. If you import user accounts from a previous release, for example, Release 10g, into the current database release, the case-insensitive passwords in these accounts remain case insensitive until the user changes his or her password. If the account was granted SYSDBA or SYSOPER privilege, it is imported to the password file. When a password from a user account from the previous release is changed, it then becomes case sensitive.

You can find users who have case sensitive or case insensitive passwords by querying the DBA_USERS view. The PASSWORD_VERSIONS column in this view indicates the release in which the password was created. For example:

SELECT USERNAME,PASSWORD_VERSIONS FROM DBA_USERS;

USERNAME                       PASSWORD_VERSIONS
------------------------------ -----------------
JONES                          10G 11G
ADAMS                          10G 11G
CLARK                          10G 11G
PRESTON                        11G
BLAKE                          10G

The passwords for accounts jones, adams, and clark were originally created in Release 10g and then reset in Release 11g. Their passwords, assuming case sensitivity has been enabled, are now case sensitive, as is the password for preston. However, the account for blake is still using the Release 10g standard, so it is case insensitive. Ask him to reset his password so that it will be case sensitive, and therefore more secure.


Ensuring Against Password Security Threats by Using the SHA-1 Hashing Algorithm

The SHA-1 cryptographic hashing algorithm protects against password-based security threats by including support for mixed case characters, special characters, and multibyte characters in passwords. In addition, the SHA-1 hashing algorithm adds a salt to the password when it is hashed, which provides additional protection. This enables your users to create far more complex passwords, and therefore, makes it more difficult for an intruder to gain access to these passwords. Oracle recommends that you use the SHA-1 hashing algorithm.
Many password cracking tools rely on access to the Oracle Database data dictionary. The tool must first obtain the hash values of the password by using an administrator account or by gaining direct access to the hash values that are stored on media such as backup tapes or disk drives containing database files. (For this reason, it is a good idea to encrypt backup media that contains database files.) The cracking tools then use clear text password combinations to create the new hash, match the new hash with the existing hash, and thus obtain an existing password.
You optionally can configure Oracle Database to run in exclusive mode for Release 11 or later. When you enable exclusive mode, then Oracle Database uses the new SHA-1 hashing algorithm exclusively. Oracle Database 11g exclusive mode is compatible with Oracle Database 10g and later products that use OCI-based drivers, including SQL*Plus, ODBC, Oracle .NET, Oracle Forms, and various third-party Oracle Database adapters. However, be aware that exclusive mode for Release 11g is not compatible with JDBC type-4 (thin) versions earlier than Oracle Database 11g or Oracle Database Client interface (OCI)-based drivers earlier than Oracle Database 10g. After you configure exclusive mode, Oracle recommends that you remove the old password hash values from the data dictionary.
Follow these steps:
  1. Change all old passwords to include mixed case and special characters.
  2. Verify that the passwords in test scripts or batch jobs are consistent in their use of mixed case and special characters.
  3. Enable exclusive mode.
    1. Create a backup copy of the sqlnet.ora parameter file, by default located in the $ORACLE_HOME/network/admin directory on UNIX operating systems and the %ORACLE_HOME%\network\admin directory on Microsoft Windows operating systems.
    2. Ensure that the sqlnet.ora file has the following line:
      sqlnet.allowed_logon_version=11
    3. Save and exit the sqlnet.ora file.
    4. If necessary, restart the listener. At a command prompt, enter the following commands:
      lsnrctl STOP listener_name
      lsnrctl START listener_name
      listener_name is the name of the listener defined in the listener.ora file. You do not need to identify the listener if you are using the default listener, named LISTENER.
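
A pre-check for the case-sensitivity and exclusive-mode sections above, as an added example that is not part of the original page. It lists every account that still has a default password or still carries a 10G password version. The SEC_CASE_SENSITIVE_LOGON parameter is not named on this page, and the FINDING labels are made up for this example.

```sql
-- Added example: run as a user with access to the DBA_* views.

-- 1. Is case sensitivity enabled at all? (The page's reading of the
--    PASSWORD_VERSIONS output assumes that it is.)
SELECT name, value
FROM   v$parameter
WHERE  name = 'sec_case_sensitive_logon';

-- 2. How many accounts fall into each password version?
SELECT TRIM(password_versions) AS password_versions,
       COUNT(*)                AS accounts
FROM   dba_users
GROUP  BY TRIM(password_versions)
ORDER  BY 1;

-- 3. Accounts that need attention, with the reason.
--    Accounts with no password version (for example externally
--    authenticated users) have a NULL value and are not listed.
SELECT u.username,
       u.account_status,
       TRIM(u.password_versions) AS password_versions,
       CASE
         WHEN d.username IS NOT NULL
           THEN 'DEFAULT PASSWORD'          -- listed in DBA_USERS_WITH_DEFPWD
         WHEN u.password_versions NOT LIKE '%11G%'
           THEN '10G ONLY, CASE INSENSITIVE' -- like BLAKE in the sample output
         ELSE 'OLD 10G HASH STILL STORED'    -- like JONES, ADAMS and CLARK
       END AS finding
FROM   dba_users u
       LEFT JOIN dba_users_with_defpwd d
              ON d.username = u.username
WHERE  d.username IS NOT NULL
   OR  u.password_versions LIKE '%10G%'
ORDER  BY finding, u.username;
```

Accounts such as PRESTON, which have only an 11G password version and no default password, do not appear in the third result.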