Re: Best way to store images in DB ?
At 08:14 PM 11/26/2002, oraora oraora wrote: Guys, i have to store 20,000,000 images of 5k each in DB. which is the best possible way to do it ? I'd vote for interMedia. interMedia image is designed specifically to store images in the database. It may be an extra cost in 8.1.6, but IMHO it's well worth it. Justin Cave Justin Cave Distributed Database Consulting -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Justin Cave INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
FW: OSF11 in TRU64 Unix
Hi again, After some more combined effort we came to know that this is a documentation bug where OSF11 should be spelled as OSFX11. However Oracle has not admitted this so far... JDK version is still a mystery to me ... Cheers, Rajesh -Original Message- Dayal Sent: Wednesday, November 27, 2002 10:51 AM To: '[EMAIL PROTECTED]' Hi everybody, I am about to install Oracle 9i release 2 on TRU64 Unix. In one of the pre-requisites, Oracle suggests to have OSF11 installed on the Operating System. Some how our System Admin is not able to locate where from this component/package would come. Any-body having any idea, how to install and where from to download this component/package. Also please clarify what minimum version of JDK is required? At some place they say minimum required is 1.3.1 while in some other document (Doc ID: 169706.1) they say minimum version of JDK required is 1.1.8. Some body help please, Best Regards, Rajesh -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rajesh Dayal INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: OSF11 in TRU64 Unix
-Original Message- I am about to install Oracle 9i release 2 on TRU64 Unix. In one of the pre-requisites, Oracle suggests to have OSF11 installed on the Operating System. -- For what it's worth, it installs fine on this: (NOTHING)/oracle/app/oracle uname -a OSF1 box.domain.com V5.1 732 alpha -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Stephen Lee INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Imp of all users tables
If you are doing this with an export that was taken with the data=n option set (only exporting the tables structures with no data in them), then you could use the DBATool to easily generate the scripts to do this. http://www.cool-tools.co.uk/products/dbatool.html HTH Mark === Mark Leith | T: +44 (0)1905 330 281 Sales Marketing | F: +44 (0)870 127 5283 Cool Tools UK Ltd | E: [EMAIL PROTECTED] === http://www.cool-tools.co.uk Maximising throughput performance -Original Message- Sent: 27 November 2002 02:24 To: Multiple recipients of list ORACLE-L -Original Message- imp system/pwd fromuser=david touser=david tables=a,b,c,... ignore=y file=expdat.dmp How can I do all (and not a full=y) of the 544 tables for one user at one time? Leave out the tables=. Then it will default to all the tables of that user. -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Stephen Lee INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Mark Leith INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Outlines Clarification
Having CREATEd the outlines on NON-Partitioned Tables in RULE ; On partitioning SOME of the tables Changing the optimizer_mode=CHOOSE , Will the outlines work for followig SQL Query Cases :- 1) Containing only the partitioned table 2) SQL Join between multiple partitioned tables 3) SQL Join containing some PARTITIONED some NON-Partitioned tables NOTE - NO change whatsoever done in the Application Software -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: VIVEK_SHARMA INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Imp of all users tables
DOH! I really shouldn't reply without any coffee in the mornings! This should of course read: If you are doing this with an export that was taken with the ROWS=N option set -Original Message- Sent: 27 November 2002 09:44 To: Multiple recipients of list ORACLE-L If you are doing this with an export that was taken with the data=n option set (only exporting the tables structures with no data in them), then you could use the DBATool to easily generate the scripts to do this. http://www.cool-tools.co.uk/products/dbatool.html HTH Mark === Mark Leith | T: +44 (0)1905 330 281 Sales Marketing | F: +44 (0)870 127 5283 Cool Tools UK Ltd | E: [EMAIL PROTECTED] === http://www.cool-tools.co.uk Maximising throughput performance -Original Message- Sent: 27 November 2002 02:24 To: Multiple recipients of list ORACLE-L -Original Message- imp system/pwd fromuser=david touser=david tables=a,b,c,... ignore=y file=expdat.dmp How can I do all (and not a full=y) of the 544 tables for one user at one time? Leave out the tables=. Then it will default to all the tables of that user. -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Stephen Lee INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Mark Leith INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Mark Leith INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Client 8.1 using OID 9.2.0
I wanted a long time to use OID for name resolution instead of tnsnames. Well, today I had my wish. Deborah, from Oracle Israel, told me a little secret. You have to define the oracle context under cn=something and not in the root. Once we did it name resolution using OID worked. Next step: Replication and failover. Will keep you all posted. Yechiel Adar Mehish -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Yechiel Adar INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Primary Key Constraints
Hi Mike,
I presume you want to disregard System tables, so here goes
select owner, table_name from dba_tables
where owner not in ('SYS','SYSTEM','OUTLN','DBSNMP')
minus
select owner, table_name from dba_constraints where constraint_type = 'P';
-Original Message-
Sent: Tuesday, November 26, 2002 7:25 PM
To: Multiple recipients of list ORACLE-L
Is there an easy query to get a list of tables that don't have any primary
key?
I've tried a couple of different ones, but none of them work quite right.
Seems like this should be easy.
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Mike Sardin
INET: [EMAIL PROTECTED]
Fat City Network Services-- 858-538-5051 http://www.fatcity.com
San Diego, California-- Mailing list and web hosting services
-
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Kieran Murray
INET: [EMAIL PROTECTED]
Fat City Network Services-- 858-538-5051 http://www.fatcity.com
San Diego, California-- Mailing list and web hosting services
-
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
RE: Oracle 9i installation - Basic Qs
Agreed Jared. I was playing the percentages for the sake of a quick, clear answer. In my experience most of the time it's going to be root. Cheers, Mike -Original Message- Sent: 26 November 2002 17:44 To: Multiple recipients of list ORACLE-L Mike, Not necessarily. It depends on who started the Xsession. I regularly run 'xhost' on my workstation as a non-root user. Root is unable to do so on the same machine. Jared Hately, Mike (NESL-IT) [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 11/26/2002 07:54 AM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED] cc: Subject:RE: Oracle 9i installation - Basic Qs Hi, you'll need to be signed in as root in order to run the xhost + command. The rest of that looks fine so : as root : xhost + as oracle_user : export DISPLAY=PC Client IP address:0.0 xclock(to test yopur X config) NB Exceed has its own array of bugs when used with the Oracle installer. Good luck and I hope the 9i instaler handles Exceed better. regards, Mike Hately -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Hately, Mike (NESL-IT) INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: 9i Client permission required on WinXP
I tried this, but it hasn't worked. Is there anything else you know about that I can try? Thanks. -Original Message- Sent: 26 November 2002 15:09 To: Multiple recipients of list ORACLE-L I believe that we solved this by specifically giving access to the registry key [ORACLE] to the Users on the machine that required it. The administrator that helped us with this isn't in today, so I can't be totally sure. If I track down his write-up I'll post it. Keith H. -Original Message- From: Jared Cooper [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 26, 2002 4:39 AM To: Multiple recipients of list ORACLE-L Subject: 9i Client permission required on WinXP We've recently upgraded many client machines to WinXP and found that the only way we can get the 9i client to connect to the server is if the windows user account is an administrator on the client machine. We've tried giving full access to the c:\oracle and c:\program files\oracle directories to the windows user, also the various references found in the windows registry, but this doesn't work. Only if the user is a local administrator can they connect. Each time we try to get a connection with a restricted user we get ORA-01019 unable to allocate memory in the user side - But we've also seen errors relating to NLS_LANG. Does anyone know which permissions to set on which Oracle directories / registry keys / whatever, to allow a restricted windows user to connect to Oracle (or is there more to it than this)? Thanks in advance. Jared Cooper IT Development Support Fairbanks Environmental __ __ This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk __ __ -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Jared Cooper INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Henry, Keith INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Jared Cooper INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Outlines Clarification
The SQL Queries will Remain the SAME , only SOME of the Tables will be paritioned into different tablespaces We have found our application SQL Queries to work well with RULE , Hence the Creation of the Outlines done in RULE . But after paritioning since SQL Queries on the PARTITONED Tables will run Only on COST we will USE the Outlines so Created Earlier Unless you mean to keep the Optimizer_mode=RULE even after partitioning to make the optimizer jump back forth between RULE COST (depending on whether NON-partitioned Or Partitioned Table is Accessed in the SQL ) Thanks -Original Message- Sent: Wednesday, November 27, 2002 3:36 PM To: VIVEK_SHARMA; LazyDBA.com Discussion 1. Optimizer must be CBO. 2. outlines are based on a Query Example: if you create an outline called AXZ for SELECT ename FROM emp; The outline AXZ will be used *if only if*, you query is exactly as SELECT ename FROM emp; Note: CBO is sensitiv to cases, blank space etc... so if you type sElect ENAME from EMP;...do NOT be supprised to see your plan not showing up.. Regis -Original Message- Sent: Wednesday, November 27, 2002 9:51 AM To: LazyDBA.com Discussion Having CREATEd the outlines on NON-Partitioned Tables in RULE ; On partitioning SOME of the tables Changing the optimizer_mode=CHOOSE , Will the outlines work for followig SQL Query Cases :- 1) Containing only the partitioned table 2) SQL Join between multiple partitioned tables 3) SQL Join containing some PARTITIONED some NON-Partitioned tables NOTE - NO change whatsoever done in the Application Software Oracle documentation is here: http://tahiti.oracle.com/pls/tahiti/tahiti.homepage To unsubscribe: send a blank email to [EMAIL PROTECTED] To subscribe: send a blank email to [EMAIL PROTECTED] Visit the list archive: http://www.LAZYDBA.com/odbareadmail.pl Tell yer mates about http://www.farAwayJobs.com By using this list you agree to these terms:http://www.lazydba.com/legal.html * This electronic transmission is strictly confidential and intended solely for the addressee. It may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, you must not disclose, copy or take any action in reliance of this transmission. If you have received this transmission in error, please notify the sender as soon as possible. This footnote also confirms that this message has been swept for computer viruses. ** -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: VIVEK_SHARMA INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: Best way to store images in DB ?
At a very simplistic level: Lots of small things: databases are very good Not many larger things: file systems are very good In your case, then I'd be looking at storing the images in the database hth connor --- oraora oraora [EMAIL PROTECTED] wrote: Guys, i have to store 20,000,000 images of 5k each in DB. which is the best possible way to do it ? can i store it as BLOB or use UTL_FILE_DIR ? is there any other means of achieving the same ? it's 8.1.6 on Win2k. Kindly let me know. TIA. Jp. -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: oraora oraora INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). = Connor McDonald http://www.oracledba.co.uk http://www.oaktable.net GIVE a man a fish and he will eat for a day. But TEACH him how to fish, and...he will sit in a boat and drink beer all day __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: =?iso-8859-1?q?Connor=20McDonald?= INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: Using RECYCLE pool?
Assuming the stuff that you want in the recycle pool is: - consuming too much of your default pool - isn't being used too much you could so some sampling on x$bh using obj and tch to make some conclusions. John Beresniewicz wrote a paper on this some time ago, but I don't have it handy - maybe someone else can help. hth connor --- DENNIS WILLIAMS [EMAIL PROTECTED] wrote: Is anyone using the Oracle RECYCLE buffer pool? What was your criteria to select tables? The application I am considering RECYCLE for doesn't perform table scans, so that eliminates one common suggestion. Dennis Williams DBA Lifetouch, Inc. [EMAIL PROTECTED] -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: DENNIS WILLIAMS INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). = Connor McDonald http://www.oracledba.co.uk http://www.oaktable.net GIVE a man a fish and he will eat for a day. But TEACH him how to fish, and...he will sit in a boat and drink beer all day __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: =?iso-8859-1?q?Connor=20McDonald?= INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Slightly OT - Who would you take with you...
An Ignorant Qs. :- Can someone please tell how to access the Archives ? unless the archives are existing elsewhere ? On accessing the lazydba.com site all i could see was the last 100 odd E-mails Thanks -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: VIVEK_SHARMA INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Slightly OT - Who would you take with you...
I'll stick with Leinenkugel's. Blatz gives the splats. -Original Message- Sent: Tuesday, November 26, 2002 2:25 PM To: Multiple recipients of list ORACLE-L Schlitz gives me the Blatz. (But Blatz gives me the Schlitz) And most beers, even watered down American lagers (like malt liquors), use multiple types of grains in their malts. Olde English 800???!?? In the words of the immortal Don Martin, Blech!. And where's the venerable Colt 45? Of course, Mickey's Big Mouth was the Official Beer of Nintendo... :) Rich Rich Jesse System/Database Administrator [EMAIL PROTECTED] Quad/Tech International, Sussex, WI USA -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 26, 2002 1:04 PM To: Multiple recipients of list ORACLE-L Subject: RE: Slightly OT - Who would you take with you... Well, there's Schlitz, King Cobra, Olde English, Mickey's Big Mouth, et al. Single Malt Liquor at its finest! Scott Shafer San Antonio, TX 210.581.6217 -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Jesse, Rich INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Farnsworth, Dave INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: Oracle Log Miner Question
OEM in 9i joe [EMAIL PROTECTED] wrote: Dear All, Does anybody know if there is a front end tool available for the Oracle Log Miner...? Prem -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Joe Testa INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Oracle OS level security
I believe the BBED tool is being phased out. Regards, Patrice Boivin Systems Analyst (Oracle Certified DBA) -Original Message- Sent: Tuesday, November 26, 2002 8:09 PM To: Multiple recipients of list ORACLE-L Jared: Any one with a reasonable knowledge of Oracle Data Storage Internals can use the Data block Editor (BBED) to update anything in your database without the knowledge of the RDBMS kernel auditing mechanisms. Agreed,BBED is protected by a password in Windoze ports and one need to explicitly make the executable in Unix ports. But the point here is the hacker can do anything using the BBEd and this can be done even while your database is up and running !! What is their take on this kind of attack(!)s? Best Regards, K Gopalakrishnan -Original Message- [EMAIL PROTECTED] Sent: Tuesday, November 26, 2002 3:05 PM To: Multiple recipients of list ORACLE-L Dear list, Let me toss a hypothetical situation at you. Say some auditors looked at some of your primary systems, and concluded that they had no assurance that someone with admin access to the server had not changed financial information to benefit themselves, or to falsify financial records for the gain of the company. Not that they might have any proof that something like that had been done, but rather, just not proof that it had *not* been done. I've been pondering this for a bit, and it seems to me that if someone had good knowledge of both the OS and the database (Oracle), as well as having admin rights on the server, there are few things you can do to prevent such a person from changing data in the database, and completely covering his or her tracks. The platforms in question are Unix, Windows NT and Windows 2000. I've limited it to those as most database systems use one of those, and besides, that's all I know. :) Consider what steps you might take to audit unauthorized transactions performed by an admin. Oracle Auditing could be used, but someone with admin access to the server and database could easily alter the records created by system auditing. You could create an audit table, using a trigger to audit sensitive tables. A materialized view on a remote database could be created on sensitive tables to remotely log all actions. In the case of the audit table, that could easily be disabled, and then re-enabled after the nefarious DML had completed. The materialized views might be more difficult to circumvent. If the remote end is using a dblink to the server employing a password that is *different* than that of it's own account at the remote server, it should be impossible for someone to completely cover the traces of transactions created to falsify data. The MV Logs could be dropped, but without access to the MV's at the remote server, the MV's would have to be left in place. These could be used as a reference to look for unauthorized transactions in the primary server. If this same admin has access to the remote server where the MV's are, then this can also be circumvented. There is also the logs created as when logging in as internal or sysdba. ( $ORACLE_HOME/rdms/audit/*.aud ) These can simply be deleted. Some system could be used to save these to a remote server, but it would have to run *very* frequently to be effective. Oracle password files could also be used. While this can prevent someone from logging in as SYS or SYSTEM while in place, all it takes is a change to init.ora, and a database bounce to fix that. Make your bogus data changes, change the init.ora back and bounce the database again. A somewhat clever person could set this up to automatically take place the next time the DB is bounced. The conclusion I have come to is that the only effective method that could be used to create an audit trail for such a scenario is to create Materialized Views on sensitive tables, and create them on a server that admins are guaranteed to not have access to. Of course, I may be missing something. I'm not always one to catch all the details right off. Input, comments, suggestions, far out ideas are all welcome. If you've read this far, thanks! Jared -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: K Gopalakrishnan INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San
RE: Using RECYCLE pool?
Real-life example : using Siebel EIM, by placing EIM tables into separate buffer pools, I saw a small advantage, say 5 - 10 % in buffer cache latch reduction and more efficient use of cached IO. But after tuning the structures so that I reduced logical IO's, I saw a 2000% throughput improvement of EIM, to the amazement of all skeptics on the project (also bumped up initrans and ran multiple parallel streams). So prioritize where you spend your tuning efforts. Reduction of logical IO = biggest bang for buck ! Getting off my soapbox now. Lots to do. Ciao : Ferenc Mantfeld Ok, 5-10%, before or after everything else is addressed? I totally agree with where the biggest bang for the buck comes from and where focus should be spent. But let's assume one has reduced all of the needless work and poor algorithms, that the CBO is making great decisions in 99.999% of the cases, the physical side is nailed down perfectly, the data is optimally organized, etc. Just how much more could be squeezed out by making great use of the multiple buffer pools? We have all seen the cache effect -- the query that completes much faster when immediately run again (now was that the buffer cache or your EMC cache and how does all that play together, x$bh here we come ;-)). Just curious how much more could be gained, not that we are at that point yet ;-) Larry Elkins -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Larry Elkins INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Oracle OS level security
Jared, Nice question. I don't have an answer, but a comment. It all comes down to Risk Management. In my opinion, Risk Management entails identifying all known risks to losing or changing data in an authorized manner. Once the risks are identified and explained to the organization, they decide what needs to be dealt with and what they are willing to risk based on the probability of the event actually happening. In your example, you've identified the risk of allowing other people admin access on the database server machine. If management is unwilling to revoke these privs, then they need to understand the risk that they have accepted. The risk they've accepted is that someone could, thru the use of stolen passwords, the BBED editor, or simply deleting a database file, cause a disruption, loss of service or loss of data to the organization. And there is not much you (as the DBA) can do about it. I'm sure I'm preaching to the choir here. But a lot of what we (DBA's) do comes down to communication and education of management, and explaining things in terms that they can understand. Hope this helps. Tom Mercadante Oracle Certified Professional -Original Message- Sent: Tuesday, November 26, 2002 6:05 PM To: Multiple recipients of list ORACLE-L Dear list, Let me toss a hypothetical situation at you. Say some auditors looked at some of your primary systems, and concluded that they had no assurance that someone with admin access to the server had not changed financial information to benefit themselves, or to falsify financial records for the gain of the company. Not that they might have any proof that something like that had been done, but rather, just not proof that it had *not* been done. I've been pondering this for a bit, and it seems to me that if someone had good knowledge of both the OS and the database (Oracle), as well as having admin rights on the server, there are few things you can do to prevent such a person from changing data in the database, and completely covering his or her tracks. The platforms in question are Unix, Windows NT and Windows 2000. I've limited it to those as most database systems use one of those, and besides, that's all I know. :) Consider what steps you might take to audit unauthorized transactions performed by an admin. Oracle Auditing could be used, but someone with admin access to the server and database could easily alter the records created by system auditing. You could create an audit table, using a trigger to audit sensitive tables. A materialized view on a remote database could be created on sensitive tables to remotely log all actions. In the case of the audit table, that could easily be disabled, and then re-enabled after the nefarious DML had completed. The materialized views might be more difficult to circumvent. If the remote end is using a dblink to the server employing a password that is *different* than that of it's own account at the remote server, it should be impossible for someone to completely cover the traces of transactions created to falsify data. The MV Logs could be dropped, but without access to the MV's at the remote server, the MV's would have to be left in place. These could be used as a reference to look for unauthorized transactions in the primary server. If this same admin has access to the remote server where the MV's are, then this can also be circumvented. There is also the logs created as when logging in as internal or sysdba. ( $ORACLE_HOME/rdms/audit/*.aud ) These can simply be deleted. Some system could be used to save these to a remote server, but it would have to run *very* frequently to be effective. Oracle password files could also be used. While this can prevent someone from logging in as SYS or SYSTEM while in place, all it takes is a change to init.ora, and a database bounce to fix that. Make your bogus data changes, change the init.ora back and bounce the database again. A somewhat clever person could set this up to automatically take place the next time the DB is bounced. The conclusion I have come to is that the only effective method that could be used to create an audit trail for such a scenario is to create Materialized Views on sensitive tables, and create them on a server that admins are guaranteed to not have access to. Of course, I may be missing something. I'm not always one to catch all the details right off. Input, comments, suggestions, far out ideas are all welcome. If you've read this far, thanks! Jared -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message
RE: Slightly OT - Who would you take with you...
-Original Message- Sent: Monday, November 25, 2002 4:05 PM Robert, I can dig where you are coming from with your request. The replies it generated were worth a read too. In them there were some good points re the relative usefulness of an archive and the difficulty of trapping those true nuggets which reflect usually hard won experience in a sometimes hidden or obscure corner of Oracle. When I started on the list I used to hardcopy postings I deemed useful. Hardcopy 'cos like you I didn't really have soft space for them. I gave up in disillusionment from trying to find a way to file and more importantly be able to quickly retrieve these hardcopies by using some sort of keyword lookup. I used to number the hardcopy and log it in a spreadsheet with key words against it. This spreadsheet functioned as my index to articles! So now I'm curious as to how you are/were planning to lookup a topic or issue. Something as simple as search all mails for word X?. - Seán O' Neill Organon (Ireland) Ltd. [subscribed: digest mode] To: Multiple recipients of list ORACLE-L Board - If you had to choose the 10 top posters here at Oracle-L who provided the biggest input and knowledge, who would they be? Who are the top 10 Oracle Guru's on this news group? I'm asking because my mailbox is FULL, and I have to trash a large amount of the stored stuff thats here. I'm going to archive some of it to CD, but I have limited space, so I want to archive those people who are constantly offering the most insightful advice (I know it's available online, but I'm not always online and it's nice to be able to search these emails for targeted content). Anyone want to take a crack at a list? You are welcome to email me private if you are afraid you would hurt someone's feelings. I'd be happy to compile the lists and report back to the group the overall answers, but all email to me will be treated as strictly confidential. Robert Robert G. Freeman - Oracle OCP This message, including attached files, may contain confidential information and is intended only for the use by the individual and/or the entity to which it is addressed. Any unauthorized use, dissemination of, or copying of the information contained herein is not allowed and may lead to irreparable harm and damage for which you may be held liable. If you receive this message in error or if it is intended for someone else please notify the sender by returning this e-mail immediately and delete the message. -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: O'Neill, Sean INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re:The future DBAs?
The hard part is explaining to people that don't quite understand the concept. That is an understatement! In fact, most people in our IT department get along - that is until we have meetings to discuss data models. Jay [EMAIL PROTECTED] 11/26/02 05:19PM Personally, I like Data Architecture. And data modeling. I never could get enough of that. The hard part is explaining to people that don't quite understand the concept. Dave Hay rules! http://www.amazon.com/exec/obidos/tg/detail/-/0932633293 Being the sole DBA for the company, I don't get nearly enough opportunities for this anymore, and don't have the time for much of it anyway. Jared [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 11/26/2002 10:04 AM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED] cc: Subject:Re:The future DBAs? Well, I give MicroSlop pretty poor grades for predicting the future and Monster.com is absolutely useless (naw make that less than) at job stuff in general. I will agree with the person who wrote the article on one point. The job of being a DBA is changing and we all need to remain flexible to remain useful in the marketplace. That in some cases means spreading our wings from the historical role of DBA. We may need to become part time (or full time) data architects, reporting tool experts, etc... But in the end, I don't see us degrading to the level of an order entry clerk nor order entry clerks upgrading to DBA's. As usual the MicroSlop propaganda machine is at work again. Dick Goulet Reply Separator Author: Arup Nanda [EMAIL PROTECTED] Date: 11/25/2002 5:48 PM Fellow DBAs and other DBA wannabes, Ever wondered the best path into a DBA career? Microsoft offers a brilliant way. MSN Careers at http://editorial.careers.msn.com/articles/nofuture/ suggests some jobs are effectively dead, like farmers and sewing machine operators and how the experts in that field can progress to the next logical career move. Guess which profession's logical career move is database administrator? See the excerpt from the webpage here in the attachment as a picture. I just couldn't resist posting it here. May be they are referring to SQL Server DBAs? Arup Nanda **DISCLAIMER This e-mail message and any files transmitted with it are intended for the use of the individual or entity to which they are addressed and may contain information that is privileged, proprietary and confidential. If you are not the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received this communication in error, please notify the sender and delete this e-mail message. The contents do not represent the opinion of DE except to the extent that it relates to their official business. -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Jay Hostetter INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: redo log file setup with mirrored drives
Now for those who are into this worst scenario thing let me ask you: What if I put your storage array between a 30HP air conditioning blower moter and a spot welder, and run a couple of paint shakers on top of the array to boot. What will your vaunted Oracle multiplexing do for you then? Huh? Well, smarty pants, I'm waiting! We do hardware mirroring to protect against controller and disk failures. We do redo log file multiplexing to protect against fat fingers and other odd-ball stuff that have caused problems for an entire file system. Call it an unreliable OS, poor SA (ok, maybe even DBA) practices, whatever. The fact is that I've experienced it and I've been grateful to have the redo logs multiplexed. Each DBA can weigh the pros/cons and decide for themselves. Given your scenario above, mirroring or multiplexing within the array would both be useless. The entire storage array would have to be mirrored. But I don't rely on my multiplexing for this type of disaster. The multiplexing is for other issues I've encountered over the years. I wish I could maintain only 1 member redo log groups. My OS is man-made and occassionally has a bug. Sometimes I'm brain-dead and make a stupid mistake. So I'm opting for all the protection I can get, because I don't want to tell our company executives that their data is unrecoverable. Jay [EMAIL PROTECTED] 11/26/02 09:49PM -Original Message I believe the forgone conclusion you are talking about is that mirroring outside of Oracle MAY result in data loss MAY is a very important word. The multiplexing of redo logs across multiple disks and controllers is a simple way protect your database from potential failure. Your position appears to be that hardware mirroring, software mirroring, RAID hardware, and the controllers feeding them all are infallible. For those of you who are averse to the acquisition of knowledge through muscular debate, I trust you know where the DELETE button is. For the rest of you As far as MAY goes, we can take that to any ridiculous extreme you wish to take it. The issue is NOT: The multiplexing of redo logs across multiple disks and controllers. The issue is HOW one does this. Let's get this back to my original post. I was responding to the implication that there is some danger in using hardware mirroring such than one should not use it. As one who HAS ACTUALLY DONE BOTH and ACTUALLY USES BOTH and HAVE DONE SO FOR A LONG TIME (have you?) with both DATABASE and NON-DATABASE files, I felt it necessary to state that notwithstanding whatever armchair academia is floating around on the topic, I have NEVER experienced a loss with hardware mirroring; And have never seen a reason to imply that the practice has any inherent dangers. Does that mean that a problem can never occur? Certainly not. Have we ever had a controller or hard drive fail? Yes, indeed. But, have we ever lost a database as a result? Nope. Let me turn things around on you and look at Oracle multiplexing. Has anyone ever lost a database who was doing Oracle multiplexing? Sure. Well gosh! I thought this was supposed to keep this from happening. Why didn't it? The previous posts seemed to be totally preoccupied with this apparently ubiquitous phenomenon of corrupt blocks. Let me ask you this: How often does it occur that you run your rman backup, and it detects bad blocks that your OS missed or Oracle missed and failed to report? I'm just curious to know how prevalent these things are. Another thing that was stated by the original response was that there was some performance benefit to Oracle doing the multiplexing -- that Oracle somehow optimizes the process. In the case of software mirroring by the OS, this is a dubious statement. In the case of hardware mirroring, the statement is patently false and is the main reason why one would use hardware mirroring -- because performance demands on the system require it. Let's take this performance thing a little further. As we have read in many posts to the list, we even do such reckless and unthinkable things (at least it was a few years ago) as allow storage arrays to cache our writes ... even our redo writes (lions, tigers, and bears, oh my!) because performance demands require it. Now, you can peruse the database literature and find an abundance of text on what a hideously EVIIL practice this is. But we do it anyway. And, saints preserve us! We don't have a landscape littered with lost databases. As one who has never lost a file of any kind to hardware or software mirroring (well ... except for the early releases of Veritas on the Motorola 88K system where Veritas was a complete abortion and worse than nothing at all) I am going to go with my own considerable experience on the subject. If you wish to quote chapter and verse from this doc or that doc, that's great. But I'm
RE: oracle operating system compatibility
Alexander - Log onto http://metalink.oracle.com, on the left side, click on Certify Availability, and it should be obvious from there. Dennis Williams DBA Lifetouch, Inc. [EMAIL PROTECTED] -Original Message- Sent: Tuesday, November 26, 2002 5:26 PM To: Multiple recipients of list ORACLE-L Hi gurus, i need a matrix with oracle verson and O.S. version?? @lex -- Lic. Alexander Ordóñez Arroyo Soporte Tru64Unix BD Oracle Caja Costarricense del Seguro Social Telefono: 295-2004, San José, Costa Rica [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Celular 397-0532 -- The truth is out there in WWW -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Alexander Ordonez INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: DENNIS WILLIAMS INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Oracle OS level security
Jared - I think Thomas has a good point. Here is the way I look at it: 1. Make the server with critical information as secure as possible. 2. Restrict command line or console access to the minimum number of people. This narrows you down to a few sys admins and DBAs. For them your choices are: 1. Hire trustworthy professionals, people that can be intimidated by the threat of being fired. 2. Hire people too stupid to understand how to break into stuff. 3. Configure a really paranoid system to keep the people that must manage the system from being able to do their job. You could spend a lot of extra effort on this one. And it would have to be designed and audited by people outside the company. Years ago, a company I worked for tried option 3. It was a mainframe system with no interactive access. There were three groups of people that worked there, keypunch operators, programmers, and computer operators. The theory was that to defraud the system would require more than one person. A programmer could write a bogus program, but couldn't run it, would need an operator. And so on. They even had a separate building entrance for each group. Nobody outside of management seemed to think it was all that secure. Dennis Williams DBA Lifetouch, Inc. [EMAIL PROTECTED] -Original Message- Sent: Wednesday, November 27, 2002 7:14 AM To: Multiple recipients of list ORACLE-L Jared, Nice question. I don't have an answer, but a comment. It all comes down to Risk Management. In my opinion, Risk Management entails identifying all known risks to losing or changing data in an authorized manner. Once the risks are identified and explained to the organization, they decide what needs to be dealt with and what they are willing to risk based on the probability of the event actually happening. In your example, you've identified the risk of allowing other people admin access on the database server machine. If management is unwilling to revoke these privs, then they need to understand the risk that they have accepted. The risk they've accepted is that someone could, thru the use of stolen passwords, the BBED editor, or simply deleting a database file, cause a disruption, loss of service or loss of data to the organization. And there is not much you (as the DBA) can do about it. I'm sure I'm preaching to the choir here. But a lot of what we (DBA's) do comes down to communication and education of management, and explaining things in terms that they can understand. Hope this helps. Tom Mercadante Oracle Certified Professional -Original Message- Sent: Tuesday, November 26, 2002 6:05 PM To: Multiple recipients of list ORACLE-L Dear list, Let me toss a hypothetical situation at you. Say some auditors looked at some of your primary systems, and concluded that they had no assurance that someone with admin access to the server had not changed financial information to benefit themselves, or to falsify financial records for the gain of the company. Not that they might have any proof that something like that had been done, but rather, just not proof that it had *not* been done. I've been pondering this for a bit, and it seems to me that if someone had good knowledge of both the OS and the database (Oracle), as well as having admin rights on the server, there are few things you can do to prevent such a person from changing data in the database, and completely covering his or her tracks. The platforms in question are Unix, Windows NT and Windows 2000. I've limited it to those as most database systems use one of those, and besides, that's all I know. :) Consider what steps you might take to audit unauthorized transactions performed by an admin. Oracle Auditing could be used, but someone with admin access to the server and database could easily alter the records created by system auditing. You could create an audit table, using a trigger to audit sensitive tables. A materialized view on a remote database could be created on sensitive tables to remotely log all actions. In the case of the audit table, that could easily be disabled, and then re-enabled after the nefarious DML had completed. The materialized views might be more difficult to circumvent. If the remote end is using a dblink to the server employing a password that is *different* than that of it's own account at the remote server, it should be impossible for someone to completely cover the traces of transactions created to falsify data. The MV Logs could be dropped, but without access to the MV's at the remote server, the MV's would have to be left in place. These could be used as a reference to look for unauthorized transactions in the primary server. If this same admin has access to the remote server where the MV's are, then this can also be circumvented. There is also the logs created as when logging in as internal or sysdba. ( $ORACLE_HOME/rdms/audit/*.aud ) These can simply be deleted. Some system could be used to save
RE: Oracle Log Miner Question
Title: Message Enterprise Manager -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]Sent: Tuesday, November 26, 2002 10:44 PMTo: Multiple recipients of list ORACLE-LSubject: Oracle Log Miner QuestionDear All, Does anybody know if there is a front end tool available for the Oracle Log Miner...? Prem
Re: Oracle OS level security
Hadn't even considered BBED, and I have no idea what their take is on it. Guess I'll have to ask. Jared On Tuesday 26 November 2002 16:09, K Gopalakrishnan wrote: Jared: Any one with a reasonable knowledge of Oracle Data Storage Internals can use the Data block Editor (BBED) to update anything in your database without the knowledge of the RDBMS kernel auditing mechanisms. Agreed,BBED is protected by a password in Windoze ports and one need to explicitly make the executable in Unix ports. But the point here is the hacker can do anything using the BBEd and this can be done even while your database is up and running !! What is their take on this kind of attack(!)s? Best Regards, K Gopalakrishnan -Original Message- [EMAIL PROTECTED] Sent: Tuesday, November 26, 2002 3:05 PM To: Multiple recipients of list ORACLE-L Dear list, Let me toss a hypothetical situation at you. Say some auditors looked at some of your primary systems, and concluded that they had no assurance that someone with admin access to the server had not changed financial information to benefit themselves, or to falsify financial records for the gain of the company. Not that they might have any proof that something like that had been done, but rather, just not proof that it had *not* been done. I've been pondering this for a bit, and it seems to me that if someone had good knowledge of both the OS and the database (Oracle), as well as having admin rights on the server, there are few things you can do to prevent such a person from changing data in the database, and completely covering his or her tracks. The platforms in question are Unix, Windows NT and Windows 2000. I've limited it to those as most database systems use one of those, and besides, that's all I know. :) Consider what steps you might take to audit unauthorized transactions performed by an admin. Oracle Auditing could be used, but someone with admin access to the server and database could easily alter the records created by system auditing. You could create an audit table, using a trigger to audit sensitive tables. A materialized view on a remote database could be created on sensitive tables to remotely log all actions. In the case of the audit table, that could easily be disabled, and then re-enabled after the nefarious DML had completed. The materialized views might be more difficult to circumvent. If the remote end is using a dblink to the server employing a password that is *different* than that of it's own account at the remote server, it should be impossible for someone to completely cover the traces of transactions created to falsify data. The MV Logs could be dropped, but without access to the MV's at the remote server, the MV's would have to be left in place. These could be used as a reference to look for unauthorized transactions in the primary server. If this same admin has access to the remote server where the MV's are, then this can also be circumvented. There is also the logs created as when logging in as internal or sysdba. ( $ORACLE_HOME/rdms/audit/*.aud ) These can simply be deleted. Some system could be used to save these to a remote server, but it would have to run *very* frequently to be effective. Oracle password files could also be used. While this can prevent someone from logging in as SYS or SYSTEM while in place, all it takes is a change to init.ora, and a database bounce to fix that. Make your bogus data changes, change the init.ora back and bounce the database again. A somewhat clever person could set this up to automatically take place the next time the DB is bounced. The conclusion I have come to is that the only effective method that could be used to create an audit trail for such a scenario is to create Materialized Views on sensitive tables, and create them on a server that admins are guaranteed to not have access to. Of course, I may be missing something. I'm not always one to catch all the details right off. Input, comments, suggestions, far out ideas are all welcome. If you've read this far, thanks! Jared -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Jared Still INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: redo log file setup with mirrored drives
Amen to that! Stephen, It seems like you keep this discussion on just for the sake of discussion. And also, it seems like you live in some kind of ideal world, where hardware and software is 100% error-free and is 100% bullet-proof and fool-proof, and SAs, DBAs, developers, etc... never make a single mistake. Good for you! But most of us live in real world, where everything listed above is not happening (yes, we, DBAs, make mistakes too). So, we are TRYING to make our databases as reliable as possible (in particular situation), using all the features provided with oracle db including RedoLogs multiplexing (of course, using some common sense, and not creating 20 members in one group). Igor Neyman, OCP DBA [EMAIL PROTECTED] - Original Message - To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED] Sent: Wednesday, November 27, 2002 8:43 AM Now for those who are into this worst scenario thing let me ask you: What if I put your storage array between a 30HP air conditioning blower moter and a spot welder, and run a couple of paint shakers on top of the array to boot. What will your vaunted Oracle multiplexing do for you then? Huh? Well, smarty pants, I'm waiting! We do hardware mirroring to protect against controller and disk failures. We do redo log file multiplexing to protect against fat fingers and other odd-ball stuff that have caused problems for an entire file system. Call it an unreliable OS, poor SA (ok, maybe even DBA) practices, whatever. The fact is that I've experienced it and I've been grateful to have the redo logs multiplexed. Each DBA can weigh the pros/cons and decide for themselves. Given your scenario above, mirroring or multiplexing within the array would both be useless. The entire storage array would have to be mirrored. But I don't rely on my multiplexing for this type of disaster. The multiplexing is for other issues I've encountered over the years. I wish I could maintain only 1 member redo log groups. My OS is man-made and occassionally has a bug. Sometimes I'm brain-dead and make a stupid mistake. So I'm opting for all the protection I can get, because I don't want to tell our company executives that their data is unrecoverable. Jay [EMAIL PROTECTED] 11/26/02 09:49PM -Original Message I believe the forgone conclusion you are talking about is that mirroring outside of Oracle MAY result in data loss MAY is a very important word. The multiplexing of redo logs across multiple disks and controllers is a simple way protect your database from potential failure. Your position appears to be that hardware mirroring, software mirroring, RAID hardware, and the controllers feeding them all are infallible. For those of you who are averse to the acquisition of knowledge through muscular debate, I trust you know where the DELETE button is. For the rest of you As far as MAY goes, we can take that to any ridiculous extreme you wish to take it. The issue is NOT: The multiplexing of redo logs across multiple disks and controllers. The issue is HOW one does this. Let's get this back to my original post. I was responding to the implication that there is some danger in using hardware mirroring such than one should not use it. As one who HAS ACTUALLY DONE BOTH and ACTUALLY USES BOTH and HAVE DONE SO FOR A LONG TIME (have you?) with both DATABASE and NON-DATABASE files, I felt it necessary to state that notwithstanding whatever armchair academia is floating around on the topic, I have NEVER experienced a loss with hardware mirroring; And have never seen a reason to imply that the practice has any inherent dangers. Does that mean that a problem can never occur? Certainly not. Have we ever had a controller or hard drive fail? Yes, indeed. But, have we ever lost a database as a result? Nope. Let me turn things around on you and look at Oracle multiplexing. Has anyone ever lost a database who was doing Oracle multiplexing? Sure. Well gosh! I thought this was supposed to keep this from happening. Why didn't it? The previous posts seemed to be totally preoccupied with this apparently ubiquitous phenomenon of corrupt blocks. Let me ask you this: How often does it occur that you run your rman backup, and it detects bad blocks that your OS missed or Oracle missed and failed to report? I'm just curious to know how prevalent these things are. Another thing that was stated by the original response was that there was some performance benefit to Oracle doing the multiplexing -- that Oracle somehow optimizes the process. In the case of software mirroring by the OS, this is a dubious statement. In the case of hardware mirroring, the statement is patently false and is the main reason why one would use hardware mirroring -- because performance demands on the system require it. Let's take this performance
RE: redo log file setup with mirrored drives
-Original Message- We do redo log file multiplexing to protect against fat fingers and other odd-ball stuff that have caused problems for an entire file system. Call it an unreliable OS, poor SA (ok, maybe even DBA) practices I do it because it's a CYA thing of doing it by the book. I've listened to a lot of debates about database things and been amazed at the reasoning behind why people do what they do. I've lost count of how many debates I've heard about extent sizes and numbers of extents, the majority of it pure superstition. In the end, no matter how scientific or superstitious the reasoning, CYA trumps all. So that's why I do it. But, in fact, this whole thing about corrupt blocks is flawed reasoning. If an OS cannot do disk writes in an absolutely reliable way, then the OS is unusable. The bad writes will occur throughout the system. This includes when your logs get archived and writes to data files. Put those two together and what do you get? Actually, there is one advantage to hardware mirroring of archives. On Oracle duplexed archives, my experience is that it is inevitable that you will have one destination fill up while the other one doesn't. In which case Oracle quietly quits using the one destination even after the files are removed during a backup. I wrote a script to monitor when Oracle has stopped duplexing archived logs for those where we don't have hardware mirroring. I was amazed at the non-security that seems to be rampant out there, with mischievous people running around deleting files. I kept reading about it and thinking you've got to be kidding. -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Stephen Lee INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
IOUG 2003
Okay, so I'm trying to get costs for conferences etc so my boss can budget for them. I go to the IOUG site and look at costs for the 2003 conference. I see register online so I click on it. They have it set up for speaker registration already, and ask for the email confirmation code you received. Has anyone on this list, who submitted an abstract, actually RECEIVED a response? Either acceptance or rejection? I haven't. How can you set something up to allow people to register if they don't know which way to register? Sheesh. I can't even register for the University Session I want because I don't know what status I should use when registering. Rachel __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
OT: Open Source Security Comes Under Fire
Title: BackupExec & Oracle FYI. http://www.eweek.com/article2/0,3959,720533,00.asp Regards, Patrice Boivin Systems Analyst (Oracle Certified DBA) Systems Admin Operations | Admin. et Exploit. des systmes Technology Services | Services technologiques Informatics Branch | Direction de l'informatique Maritimes Region, DFO | Rgion des Maritimes, MPO E-Mail: [EMAIL PROTECTED]
RE: LGWR using lots of CPU time, low CPU usage
I should have said spread across local drives. [EMAIL PROTECTED] 11/26/02 05:35PM H. I got to thinking about a previous reply which was while doingsomething else:I don't think changing the logmembers will do much goodI agree. 4 groups, they are on the local drive.BOOM!!Then got to thinking This is not right at all. I think I was making asubconscious interpretation based on the context of your usage of the terms.If your groups look likeGROUP1 redo_01a.dbf_or_log redo_01b.dbf_or_log redo_01c.dbf_or_logGROUP2 redo_02a.dbf_or_log redo_02b.dbf_or_log redo_02c.dbf_or_logetc.Then, this all this extra writing will definitely incur overhead.Now, the part about it all being on "the local drive": That still is BOOM!!-- Please see the official ORACLE-L FAQ: http://www.orafaq.com-- Author: Stephen Lee INET: [EMAIL PROTECTED]Fat City Network Services -- 858-538-5051 http://www.fatcity.comSan Diego, California -- Mailing list and web hosting services-To REMOVE yourself from this mailing list, send an E-Mail messageto: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and inthe message BODY, include a line containing: UNSUB ORACLE-L(or the name of mailing list you want to be removed from). You mayalso send the HELP command for other information (like subscribing).
RE: redo log file setup with mirrored drives
Settle down. ;) means joking. Sheeesh. And last I checked, base 2 is still a natural integer, although I'm obviously an idiot as I only took up to pre-calc. Sorry if you took offense at some attempted humor. Rich Rich Jesse System/Database Administrator [EMAIL PROTECTED] Quad/Tech International, Sussex, WI USA -Original Message- From: Stephen Lee [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 26, 2002 5:26 PM To: Multiple recipients of list ORACLE-L Subject: RE: redo log file setup with mirrored drives -Original Message- Of course, you'll need Tom Kyte's binary conversion program here to execute this very weak proof: Yeah, well this didn't come from Stephen Hawking. And let's not forget the part about in the natural integers. Homey didn't take a bunch of 5000 and 6000 level math courses and come away entirely untrained. -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Jesse, Rich INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Oracle OS level security
True, and the question suggests the DBA can be properly vetted while the system administator cannot. I suppose one could try somne type of two-man control. Jared and his system administrator each know a different half of the root and sysdba passwordJust how this could be setup is beyond my ken. Responses to database emergencies would be interesting. If one could implement a system which would fully protect the database from system administrators, one would also need to weigh the costs of that protection against the perceived gain. Ian MacGregor Stanford Linear Accelerator Center [EMAIL PROTECTED] -Original Message- Sent: Wednesday, November 27, 2002 5:14 AM To: Multiple recipients of list ORACLE-L Jared, Nice question. I don't have an answer, but a comment. It all comes down to Risk Management. In my opinion, Risk Management entails identifying all known risks to losing or changing data in an authorized manner. Once the risks are identified and explained to the organization, they decide what needs to be dealt with and what they are willing to risk based on the probability of the event actually happening. In your example, you've identified the risk of allowing other people admin access on the database server machine. If management is unwilling to revoke these privs, then they need to understand the risk that they have accepted. The risk they've accepted is that someone could, thru the use of stolen passwords, the BBED editor, or simply deleting a database file, cause a disruption, loss of service or loss of data to the organization. And there is not much you (as the DBA) can do about it. I'm sure I'm preaching to the choir here. But a lot of what we (DBA's) do comes down to communication and education of management, and explaining things in terms that they can understand. Hope this helps. Tom Mercadante Oracle Certified Professional -Original Message- Sent: Tuesday, November 26, 2002 6:05 PM To: Multiple recipients of list ORACLE-L Dear list, Let me toss a hypothetical situation at you. Say some auditors looked at some of your primary systems, and concluded that they had no assurance that someone with admin access to the server had not changed financial information to benefit themselves, or to falsify financial records for the gain of the company. Not that they might have any proof that something like that had been done, but rather, just not proof that it had *not* been done. I've been pondering this for a bit, and it seems to me that if someone had good knowledge of both the OS and the database (Oracle), as well as having admin rights on the server, there are few things you can do to prevent such a person from changing data in the database, and completely covering his or her tracks. The platforms in question are Unix, Windows NT and Windows 2000. I've limited it to those as most database systems use one of those, and besides, that's all I know. :) Consider what steps you might take to audit unauthorized transactions performed by an admin. Oracle Auditing could be used, but someone with admin access to the server and database could easily alter the records created by system auditing. You could create an audit table, using a trigger to audit sensitive tables. A materialized view on a remote database could be created on sensitive tables to remotely log all actions. In the case of the audit table, that could easily be disabled, and then re-enabled after the nefarious DML had completed. The materialized views might be more difficult to circumvent. If the remote end is using a dblink to the server employing a password that is *different* than that of it's own account at the remote server, it should be impossible for someone to completely cover the traces of transactions created to falsify data. The MV Logs could be dropped, but without access to the MV's at the remote server, the MV's would have to be left in place. These could be used as a reference to look for unauthorized transactions in the primary server. If this same admin has access to the remote server where the MV's are, then this can also be circumvented. There is also the logs created as when logging in as internal or sysdba. ( $ORACLE_HOME/rdms/audit/*.aud ) These can simply be deleted. Some system could be used to save these to a remote server, but it would have to run *very* frequently to be effective. Oracle password files could also be used. While this can prevent someone from logging in as SYS or SYSTEM while in place, all it takes is a change to init.ora, and a database bounce to fix that. Make your bogus data changes, change the init.ora back and bounce the database again. A somewhat clever person could set this up to automatically take place the next time the DB is bounced. The conclusion I have come to is that the only effective method that could be used to create an audit trail for such a scenario is to create
RE: Recipe for application design to run on RAC
Hmm. Oracle says that with the improved Cache Fusion in 9i, any current application can be taken as is and run on 9iRAC. But yes, you are right. It really depends on the speed at which the two instances can share the same block and this can never be the same as two sessions accessing the same block in one instance [one SGA]. We are currently running and 8.1.5 OPS [ouch !] environment and testing 9iR2 RAC. The 8.1.5 OPS runs such that the Application Servers [Pro*C servers which get transactions from remote devices through a message bus] all connect to one node and direct PCs using VB/MSQuery connect to the other. Time and again I've asked for the PCs also to connect to the same node but no ... the effort to update the TNSNAMES.ORA and ODBC setup on the PCs would be too much I am told. In 9iRAC we are testing both BASIC and PRECONNECT Failover for TAF and will most certainly be using both nodes of the cluster for transactions. Even the Application Servers will be connecting across both nodes. Cross-fingers, touch-wood and wish me luck ! Hemant At 03:59 PM 26-11-02 -0800, you wrote: If two or more RAC instances will be trying to cache the same data blocks, then this causes the performance problems that you'll see show up as lots of time spent on the event called global cache cr request. If you can partition your application so that RAC nodes don't have to share blocks very often through the cache fusion mechanism, then your system will scale a lot better. Cary Millsap Hotsos Enterprises, Ltd. http://www.hotsos.com Upcoming events: - Hotsos Clinic, Dec 9-11 Honolulu - Hotsos Clinic 101, Jan 7-9 Knoxville - Steve Adams's Miracle Master Class, Jan 13-15 Copenhagen - 2003 Hotsos Symposium, Feb 9-12 Dallas -Original Message- Sent: Tuesday, November 26, 2002 3:34 PM To: Multiple recipients of list ORACLE-L Dear List, Number of times I've seen that one of prerequsites for switching from single node DB to OPS/RAC is to have an application specifically designed / architectured to run on RAC. Can somebody elaborate? Is it something visible on ERD? That is by looking at the model can RAC guru tell that it wouldn't work well on RAC? Or put it another way can one conclude based on the ERD that app was modeled to run on RAC? What's the recepie for app design for RAC? TIA __ Post your free ad now! http://personals.yahoo.ca -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Boris Dali INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Cary Millsap INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Hemant K Chitale My web site page is : http://hkchital.tripod.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Hemant K Chitale INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Oracle 9i installation - Basic Qs
On Switching Off the BROADCAST IP Address within Exceed Application , thereafter # xhost+ succeeded HTH -Original Message- Sent: Wednesday, November 27, 2002 2:54 PM To: Multiple recipients of list ORACLE-L Agreed Jared. I was playing the percentages for the sake of a quick, clear answer. In my experience most of the time it's going to be root. Cheers, Mike -Original Message- Sent: 26 November 2002 17:44 To: Multiple recipients of list ORACLE-L Mike, Not necessarily. It depends on who started the Xsession. I regularly run 'xhost' on my workstation as a non-root user. Root is unable to do so on the same machine. Jared Hately, Mike (NESL-IT) [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 11/26/2002 07:54 AM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED] cc: Subject:RE: Oracle 9i installation - Basic Qs Hi, you'll need to be signed in as root in order to run the xhost + command. The rest of that looks fine so : as root : xhost + as oracle_user : export DISPLAY=PC Client IP address:0.0 xclock(to test yopur X config) NB Exceed has its own array of bugs when used with the Oracle installer. Good luck and I hope the 9i instaler handles Exceed better. regards, Mike Hately -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Hately, Mike (NESL-IT) INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: VIVEK_SHARMA INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Security Focus Link - SQL Injection White Paper
SQL Injection and Oracle - By Pete Finnigan This is the first article in a two-part series that will examine SQL injection attacks against Oracle databases. The bjective of this series is to introduce Oracle users to some of the dangers of SQL injection and to suggest some simple ways of protecting against these types of attack. http://online.securityfocus.com/infocus/1644 -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Post, Ethan INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Pro*C for Oracle 817 on Win2000?
Title: Pro*C for Oracle 817 on Win2000? Hello, Apologies if this is the wrong list to write to, but some guidelines would be nice. We have a legacy software which requires changing. I would like to achieve this but as far as I can see there is no pro*c on otn.oracle.com for Win2k? Is it possible to load the libraries from somewhere? I have tried loading the Programmer option of the client, however from the errors received I don't have all the libraries. ie sqlca.h. I am trying to achieve this feat by using Bloodshed's DevC++. Am I being overly optimistic? I see there are libraries for VC++ and Borland, under the c:\oracle\ora81\oci directories. Unfortunately I don't have access to these programs? Any help will appreciated. Regards Denham Eva Oracle DBA UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity. Dennis Ritchie. DISCLAIMER This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. TFMC, its holding company, and any of its subsidiaries each reserve the right to monitor and manage all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be views of any such entity. This e-mail message has been scanned for Viruses and Content and cleared by MailMarshal - For more information please visit www.marshalsoftware.com
RE: Oracle OS level security
Jared, It seems to me that you can use these auditors to your advantage. Tell them the security risks that you know about, and let them write their report. You might be able to use the report to coerce management for some changes - like dedicated Database servers with a limited number of people who have access to them. audits can be a good thing. Tom Mercadante Oracle Certified Professional -Original Message- Sent: Wednesday, November 27, 2002 9:09 AM To: Multiple recipients of list ORACLE-L Hadn't even considered BBED, and I have no idea what their take is on it. Guess I'll have to ask. Jared On Tuesday 26 November 2002 16:09, K Gopalakrishnan wrote: Jared: Any one with a reasonable knowledge of Oracle Data Storage Internals can use the Data block Editor (BBED) to update anything in your database without the knowledge of the RDBMS kernel auditing mechanisms. Agreed,BBED is protected by a password in Windoze ports and one need to explicitly make the executable in Unix ports. But the point here is the hacker can do anything using the BBEd and this can be done even while your database is up and running !! What is their take on this kind of attack(!)s? Best Regards, K Gopalakrishnan -Original Message- [EMAIL PROTECTED] Sent: Tuesday, November 26, 2002 3:05 PM To: Multiple recipients of list ORACLE-L Dear list, Let me toss a hypothetical situation at you. Say some auditors looked at some of your primary systems, and concluded that they had no assurance that someone with admin access to the server had not changed financial information to benefit themselves, or to falsify financial records for the gain of the company. Not that they might have any proof that something like that had been done, but rather, just not proof that it had *not* been done. I've been pondering this for a bit, and it seems to me that if someone had good knowledge of both the OS and the database (Oracle), as well as having admin rights on the server, there are few things you can do to prevent such a person from changing data in the database, and completely covering his or her tracks. The platforms in question are Unix, Windows NT and Windows 2000. I've limited it to those as most database systems use one of those, and besides, that's all I know. :) Consider what steps you might take to audit unauthorized transactions performed by an admin. Oracle Auditing could be used, but someone with admin access to the server and database could easily alter the records created by system auditing. You could create an audit table, using a trigger to audit sensitive tables. A materialized view on a remote database could be created on sensitive tables to remotely log all actions. In the case of the audit table, that could easily be disabled, and then re-enabled after the nefarious DML had completed. The materialized views might be more difficult to circumvent. If the remote end is using a dblink to the server employing a password that is *different* than that of it's own account at the remote server, it should be impossible for someone to completely cover the traces of transactions created to falsify data. The MV Logs could be dropped, but without access to the MV's at the remote server, the MV's would have to be left in place. These could be used as a reference to look for unauthorized transactions in the primary server. If this same admin has access to the remote server where the MV's are, then this can also be circumvented. There is also the logs created as when logging in as internal or sysdba. ( $ORACLE_HOME/rdms/audit/*.aud ) These can simply be deleted. Some system could be used to save these to a remote server, but it would have to run *very* frequently to be effective. Oracle password files could also be used. While this can prevent someone from logging in as SYS or SYSTEM while in place, all it takes is a change to init.ora, and a database bounce to fix that. Make your bogus data changes, change the init.ora back and bounce the database again. A somewhat clever person could set this up to automatically take place the next time the DB is bounced. The conclusion I have come to is that the only effective method that could be used to create an audit trail for such a scenario is to create Materialized Views on sensitive tables, and create them on a server that admins are guaranteed to not have access to. Of course, I may be missing something. I'm not always one to catch all the details right off. Input, comments, suggestions, far out ideas are all welcome. If you've read this far, thanks! Jared -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Jared Still INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services
RE: Outlines Clarification ??
Having CREATEd the outlines on NON-Partitioned Tables in RULE ; On partitioning SOME of the tables Changing the optimizer_mode=CHOOSE , Will the outlines work for followig SQL Query Cases :- 1) Containing only the partitioned table 2) SQL Join between multiple partitioned tables 3) SQL Join containing some PARTITIONED some NON-Partitioned tables NOTE - NO change whatsoever done in the Application Software -Original Message- Sent: Wednesday, November 27, 2002 4:04 PM To: Multiple recipients of list ORACLE-L The SQL Queries will Remain the SAME , only SOME of the Tables will be paritioned into different tablespaces We have found our application SQL Queries to work well with RULE , Hence the Creation of the Outlines done in RULE . But after paritioning since SQL Queries on the PARTITONED Tables will run Only on COST we will USE the Outlines so Created Earlier Unless you mean to keep the Optimizer_mode=RULE even after partitioning to make the optimizer jump back forth between RULE COST (depending on whether NON-partitioned Or Partitioned Table is Accessed in the SQL ) Thanks -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: VIVEK_SHARMA INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: Pro*C for Oracle 817 on Win2000?
Title: Pro*C for Oracle 817 on Win2000? What do you mean, when you say: "there are libraries for VC++ and Borland, under the c:\oracle\ora81\oci directories. Unfortunately I don't have access to these programs" ? Did you set up your C++ project environment/settings properly, pointing to OCI dlls? Igor Neyman, OCP DBA[EMAIL PROTECTED] - Original Message - From: Denham Eva To: Multiple recipients of list ORACLE-L Sent: Wednesday, November 27, 2002 10:39 AM Subject: Pro*C for Oracle 817 on Win2000? Hello, Apologies if this is the wrong list to write to, but some guidelines would be nice. We have a legacy software which requires changing. I would like to achieve this but as far as I can see there is no pro*c on otn.oracle.com for Win2k? Is it possible to load the libraries from somewhere? I have tried loading the Programmer option of the client, however from the errors received I don't have all the libraries. ie sqlca.h. I am trying to achieve this feat by using Bloodshed's DevC++. Am I being overly optimistic? I see there are libraries for VC++ and Borland, under the c:\oracle\ora81\oci directories. Unfortunately I don't have access to these programs? Any help will appreciated. Regards Denham Eva Oracle DBA "UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity." Dennis Ritchie. DISCLAIMER This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. TFMC, its holding company, and any of its subsidiaries each reserve the right to monitor and manage all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be views of any such entity. This e-mail message has been scanned for Viruses and Content and cleared by MailMarshal - For more information please visit www.marshalsoftware.com
RE: Oracle OS level security
Dennis, I must respectfully disagree with 1. I would suggest that the 'can' be changed to a 'cannot'. It is this type of person that will stand up and say 'This is wrong.' Therein lies your security. Dan Fink -Original Message- Sent: Wednesday, November 27, 2002 7:19 AM To: Multiple recipients of list ORACLE-L Jared - I think Thomas has a good point. Here is the way I look at it: 1. Make the server with critical information as secure as possible. 2. Restrict command line or console access to the minimum number of people. This narrows you down to a few sys admins and DBAs. For them your choices are: 1. Hire trustworthy professionals, people that can be intimidated by the threat of being fired. 2. Hire people too stupid to understand how to break into stuff. 3. Configure a really paranoid system to keep the people that must manage the system from being able to do their job. You could spend a lot of extra effort on this one. And it would have to be designed and audited by people outside the company. Years ago, a company I worked for tried option 3. It was a mainframe system with no interactive access. There were three groups of people that worked there, keypunch operators, programmers, and computer operators. The theory was that to defraud the system would require more than one person. A programmer could write a bogus program, but couldn't run it, would need an operator. And so on. They even had a separate building entrance for each group. Nobody outside of management seemed to think it was all that secure. Dennis Williams DBA Lifetouch, Inc. [EMAIL PROTECTED] -Original Message- Sent: Wednesday, November 27, 2002 7:14 AM To: Multiple recipients of list ORACLE-L Jared, Nice question. I don't have an answer, but a comment. It all comes down to Risk Management. In my opinion, Risk Management entails identifying all known risks to losing or changing data in an authorized manner. Once the risks are identified and explained to the organization, they decide what needs to be dealt with and what they are willing to risk based on the probability of the event actually happening. In your example, you've identified the risk of allowing other people admin access on the database server machine. If management is unwilling to revoke these privs, then they need to understand the risk that they have accepted. The risk they've accepted is that someone could, thru the use of stolen passwords, the BBED editor, or simply deleting a database file, cause a disruption, loss of service or loss of data to the organization. And there is not much you (as the DBA) can do about it. I'm sure I'm preaching to the choir here. But a lot of what we (DBA's) do comes down to communication and education of management, and explaining things in terms that they can understand. Hope this helps. Tom Mercadante Oracle Certified Professional -Original Message- Sent: Tuesday, November 26, 2002 6:05 PM To: Multiple recipients of list ORACLE-L Dear list, Let me toss a hypothetical situation at you. Say some auditors looked at some of your primary systems, and concluded that they had no assurance that someone with admin access to the server had not changed financial information to benefit themselves, or to falsify financial records for the gain of the company. Not that they might have any proof that something like that had been done, but rather, just not proof that it had *not* been done. I've been pondering this for a bit, and it seems to me that if someone had good knowledge of both the OS and the database (Oracle), as well as having admin rights on the server, there are few things you can do to prevent such a person from changing data in the database, and completely covering his or her tracks. The platforms in question are Unix, Windows NT and Windows 2000. I've limited it to those as most database systems use one of those, and besides, that's all I know. :) Consider what steps you might take to audit unauthorized transactions performed by an admin. Oracle Auditing could be used, but someone with admin access to the server and database could easily alter the records created by system auditing. You could create an audit table, using a trigger to audit sensitive tables. A materialized view on a remote database could be created on sensitive tables to remotely log all actions. In the case of the audit table, that could easily be disabled, and then re-enabled after the nefarious DML had completed. The materialized views might be more difficult to circumvent. If the remote end is using a dblink to the server employing a password that is *different* than that of it's own account at the remote server, it should be impossible for someone to completely cover the traces of transactions created to falsify data. The MV Logs could be dropped, but without access to the MV's at the remote server, the MV's would have to be left in place. These could be used as a reference to look for
Re: Using RECYCLE pool?
This might me it... http://www.dbatoolbox.com/WP2001/tuning/multiple_buffer_pools.pdf Connor McDonald [EMAIL PROTECTED]To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED] uk cc: Sent by: Subject: Re: Using RECYCLE pool? [EMAIL PROTECTED] 11/27/02 02:48 AM Please respond to ORACLE-L Assuming the stuff that you want in the recycle pool is: - consuming too much of your default pool - isn't being used too much you could so some sampling on x$bh using obj and tch to make some conclusions. John Beresniewicz wrote a paper on this some time ago, but I don't have it handy - maybe someone else can help. hth connor --- DENNIS WILLIAMS [EMAIL PROTECTED] wrote: Is anyone using the Oracle RECYCLE buffer pool? What was your criteria to select tables? The application I am considering RECYCLE for doesn't perform table scans, so that eliminates one common suggestion. Dennis Williams DBA Lifetouch, Inc. [EMAIL PROTECTED] -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: DENNIS WILLIAMS INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). = Connor McDonald http://www.oracledba.co.uk http://www.oaktable.net GIVE a man a fish and he will eat for a day. But TEACH him how to fish, and...he will sit in a boat and drink beer all day __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: =?iso-8859-1?q?Connor=20McDonald?= INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re:The future DBAs?
I'm a data modeler at heart... that's about 90% of what the military used me for. Unfortunately, it seems that, at least in this area, when the economy turns sour, the designers are the first to go. In my last interview, I was told that they didn't really have enough work for a full time DBA yet, so the position would also likely be used as a sysad, a network engineer, a junior programmer, etc... I suppose data modelers are dead for the moment. Please contradict me. Please Marty At 02:19 PM 11/26/2002 -0800, you wrote: Personally, I like Data Architecture. And data modeling. I never could get enough of that. The hard part is explaining to people that don't quite understand the concept. Dave Hay rules! http://www.amazon.com/exec/obidos/tg/detail/-/0932633293 Being the sole DBA for the company, I don't get nearly enough opportunities for this anymore, and don't have the time for much of it anyway. Jared [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 11/26/2002 10:04 AM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED] cc: Subject: Re:The future DBAs? Well, I give MicroSlop pretty poor grades for predicting the future and Monster.com is absolutely useless (naw make that less than) at job stuff in general. I will agree with the person who wrote the article on one point. The job of being a DBA is changing and we all need to remain flexible to remain useful in the marketplace. That in some cases means spreading our wings from the historical role of DBA. We may need to become part time (or full time) data architects, reporting tool experts, etc... But in the end, I don't see us degrading to the level of an order entry clerk nor order entry clerks upgrading to DBA's. As usual the MicroSlop propaganda machine is at work again. Dick Goulet Reply Separator Author: Arup Nanda [EMAIL PROTECTED] Date: 11/25/2002 5:48 PM Fellow DBAs and other DBA wannabes, Ever wondered the best path into a DBA career? Microsoft offers a brilliant way. MSN Careers at http://editorial.careers.msn.com/articles/nofuture/ suggests some jobs are effectively dead, like farmers and sewing machine operators and how the experts in that field can progress to the next logical career move. Guess which profession's logical career move is database administrator? See the excerpt from the webpage here in the attachment as a picture. I just couldn't resist posting it here. May be they are referring to SQL Server DBAs? Arup Nanda _ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Marty All of life's big problems include the words 'indictment' or 'inoperable.' Everything else is small stuff. - -Alton Brown, host, 'Good Eats'
RE: Open Source Security Comes Under Fire
Patrice - Amazing how these things happen. A few weeks ago a report listed Microsoft products as among the worst security risks. Microsoft immediately attacked the report. Then by an amazing coincidence, an impartial organization releases a report stating that Microsoft's greatest competitor, the free people, are actually the greatest security risk. Somebody refresh my memory -- wasn't it the Aberdeen Group that Larry hired the private eye to get some proof that they were just shills for Microsoft, and the guy was caught dumpster diving? Dennis Williams DBA Lifetouch, Inc. [EMAIL PROTECTED] -Original Message- Sent: Wednesday, November 27, 2002 8:24 AM To: Multiple recipients of list ORACLE-L FYI. http://www.eweek.com/article2/0,3959,720533,00.asp http://www.eweek.com/article2/0,3959,720533,00.asp Regards, Patrice Boivin Systems Analyst (Oracle Certified DBA) Systems Admin Operations | Admin. et Exploit. des syst?mes Technology Services| Services technologiques Informatics Branch | Direction de l'informatique Maritimes Region, DFO | R?gion des Maritimes, MPO E-Mail: [EMAIL PROTECTED] -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: DENNIS WILLIAMS INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Oracle OS level security
Jared, I realize the following is not really an answer, but it may provide a little food for thought. Practical: 1. Log miner or other log reading tool could be used to track changes made through the transaction layer. Some operations can be done with nologging, but not all and the undo is logged regardless. Yes, it would be complicated and messy. 2. If you don't trust the SAs and DBAs for the systems, they need to be replaced. You are absolutely correct that if a person has the knowledge and motive, almost anything is possible. This is shown time and time again by corporate embezzlement. 3. As a DBA, I never want to know root's password. If I need SA type commands, either use sudo on unix (not sure if there is an equivalent on NT/2K) or provide exact information to the SA. I work on maintaining a good relationship with the SAs so we each respect each other's 'turf' and don't try to do things we are not qualified to do. 4. Changing passwords frequently, especially system generated ones, leads to people writing them down or otherwise storing them somewhere they can be accessed. I wonder how many of us have 1 password (with minor variations) for the overwhelming majority of our systems/logins. 5. Don't make security so onerous and inconvenient that people are constantly looking for ways around it just so that they can do their job. This encourages the creation of security holes and a general disregard for the processes and procedures. 6. If you create a server no admins have access to, how would it be set up and maintained? Theoretical The only truly secure system is the one that is never turned on. Once power is applied and the system is started, it can be compromised. An SA can su - oracle and login as sysdba, a DBA can spoof a user, a developer could insert malicious code. I think that the issue is to create and abide by standards and processes, hire trustworthy personnel and treat them right. As has been shown recently here in the US, there are significant business risks from unethical, greedy people. How are these prevented? Dan Fink -Original Message- Sent: Tuesday, November 26, 2002 4:05 PM To: Multiple recipients of list ORACLE-L Dear list, Let me toss a hypothetical situation at you. Say some auditors looked at some of your primary systems, and concluded that they had no assurance that someone with admin access to the server had not changed financial information to benefit themselves, or to falsify financial records for the gain of the company. Not that they might have any proof that something like that had been done, but rather, just not proof that it had *not* been done. I've been pondering this for a bit, and it seems to me that if someone had good knowledge of both the OS and the database (Oracle), as well as having admin rights on the server, there are few things you can do to prevent such a person from changing data in the database, and completely covering his or her tracks. The platforms in question are Unix, Windows NT and Windows 2000. I've limited it to those as most database systems use one of those, and besides, that's all I know. :) Consider what steps you might take to audit unauthorized transactions performed by an admin. Oracle Auditing could be used, but someone with admin access to the server and database could easily alter the records created by system auditing. You could create an audit table, using a trigger to audit sensitive tables. A materialized view on a remote database could be created on sensitive tables to remotely log all actions. In the case of the audit table, that could easily be disabled, and then re-enabled after the nefarious DML had completed. The materialized views might be more difficult to circumvent. If the remote end is using a dblink to the server employing a password that is *different* than that of it's own account at the remote server, it should be impossible for someone to completely cover the traces of transactions created to falsify data. The MV Logs could be dropped, but without access to the MV's at the remote server, the MV's would have to be left in place. These could be used as a reference to look for unauthorized transactions in the primary server. If this same admin has access to the remote server where the MV's are, then this can also be circumvented. There is also the logs created as when logging in as internal or sysdba. ( $ORACLE_HOME/rdms/audit/*.aud ) These can simply be deleted. Some system could be used to save these to a remote server, but it would have to run *very* frequently to be effective. Oracle password files could also be used. While this can prevent someone from logging in as SYS or SYSTEM while in place, all it takes is a change to init.ora, and a database bounce to fix that. Make your bogus data changes, change the init.ora back and bounce the database again. A somewhat clever
RE: Oracle OS level security
Jared - I would be very careful about naming specific tools. Having been an NRC auditor and been audited a lot of times, there is sometimes too much specific information, which will leave the auditor with the impression there is no security at all. They will then feel obligated to flunk your system/process/site, or at least give you a ton or corrective action items. If you feel heavily obligated, you might allude to the fact that an expert could access the Oracle data at the O.S. level if they were very determined and leave it at that. I'm sure there are some O.S. tools that can accomplish what BBED can, if not as conveniently. Dennis Williams DBA Lifetouch, Inc. [EMAIL PROTECTED] -Original Message- Sent: Wednesday, November 27, 2002 8:09 AM To: Multiple recipients of list ORACLE-L Hadn't even considered BBED, and I have no idea what their take is on it. Guess I'll have to ask. Jared On Tuesday 26 November 2002 16:09, K Gopalakrishnan wrote: Jared: Any one with a reasonable knowledge of Oracle Data Storage Internals can use the Data block Editor (BBED) to update anything in your database without the knowledge of the RDBMS kernel auditing mechanisms. Agreed,BBED is protected by a password in Windoze ports and one need to explicitly make the executable in Unix ports. But the point here is the hacker can do anything using the BBEd and this can be done even while your database is up and running !! What is their take on this kind of attack(!)s? Best Regards, K Gopalakrishnan -Original Message- [EMAIL PROTECTED] Sent: Tuesday, November 26, 2002 3:05 PM To: Multiple recipients of list ORACLE-L Dear list, Let me toss a hypothetical situation at you. Say some auditors looked at some of your primary systems, and concluded that they had no assurance that someone with admin access to the server had not changed financial information to benefit themselves, or to falsify financial records for the gain of the company. Not that they might have any proof that something like that had been done, but rather, just not proof that it had *not* been done. I've been pondering this for a bit, and it seems to me that if someone had good knowledge of both the OS and the database (Oracle), as well as having admin rights on the server, there are few things you can do to prevent such a person from changing data in the database, and completely covering his or her tracks. The platforms in question are Unix, Windows NT and Windows 2000. I've limited it to those as most database systems use one of those, and besides, that's all I know. :) Consider what steps you might take to audit unauthorized transactions performed by an admin. Oracle Auditing could be used, but someone with admin access to the server and database could easily alter the records created by system auditing. You could create an audit table, using a trigger to audit sensitive tables. A materialized view on a remote database could be created on sensitive tables to remotely log all actions. In the case of the audit table, that could easily be disabled, and then re-enabled after the nefarious DML had completed. The materialized views might be more difficult to circumvent. If the remote end is using a dblink to the server employing a password that is *different* than that of it's own account at the remote server, it should be impossible for someone to completely cover the traces of transactions created to falsify data. The MV Logs could be dropped, but without access to the MV's at the remote server, the MV's would have to be left in place. These could be used as a reference to look for unauthorized transactions in the primary server. If this same admin has access to the remote server where the MV's are, then this can also be circumvented. There is also the logs created as when logging in as internal or sysdba. ( $ORACLE_HOME/rdms/audit/*.aud ) These can simply be deleted. Some system could be used to save these to a remote server, but it would have to run *very* frequently to be effective. Oracle password files could also be used. While this can prevent someone from logging in as SYS or SYSTEM while in place, all it takes is a change to init.ora, and a database bounce to fix that. Make your bogus data changes, change the init.ora back and bounce the database again. A somewhat clever person could set this up to automatically take place the next time the DB is bounced. The conclusion I have come to is that the only effective method that could be used to create an audit trail for such a scenario is to create Materialized Views on sensitive tables, and create them on a server that admins are guaranteed to not have access to. Of course, I may be missing something. I'm not always one to catch all the details right off. Input, comments, suggestions, far out ideas are all welcome. If you've read this far, thanks! Jared -- Please see the
Data Warehousing books for Oracle 9i (once again)
Yes, I know -- old topic, but a search thru the 440 DW posts on the fatcity archives didn't reveal much. Not having much of any knowledge on DW/DM, I picked up the Oracle Press' Oracle8 Data Warehousing book for $1 on the clearance rack in hopes that an overall view of the procedures necessary for DW/DM building and maintenance to give me some idea of what I'm up against. I can't help but be completely confused by this book because it doesn't seem to cover DW/DM maintenance at all. It has a chapter dedicated to various ways to populate the DW/DM, but not how to keep the data up-to-date. Do DWs get completely regenerated on a daily/weekly/periodic basis? This just doesn't seem feasible to me, especially for large (1T+) DWs. Am I missing something? Are newer revs of this book better? Are there any better DW books geared specifically for Oracle9i? Does Martha know that John is really her long-lost brother? From past posts (Jared's?), I'm thinking that we'd be at least picking up Kimball's DW Toolkit, 2nd Ed. and hopefully we'll get some training in for this, too, but I would like something specific to DWs on Oracle 9i. TIA! :) Rich Rich Jesse System/Database Administrator [EMAIL PROTECTED] Quad/Tech International, Sussex, WI USA -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Jesse, Rich INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: redo log file setup with mirrored drives
-Original Message- have you NEVER accidentally, at 3AM, after having been woken from a sound sleep to a crisis that needs to be fixed RIGHT NOW, made a typo? Actually no. But we usually script our actions and test the scripts prior to doing anything in production. As a sys admin, I've restored enough casualties of the rm -rf * command to be rather careful about it myself. Um, I have. I was wondering if anyone had. But I could turn this around too and give an example of when duplexing the redos failed to save me. One so-called patch that Compaq released for Tru64 actually caused disk writes to be unreliable (OH MY GOD!!). And we wound up with a G.D. mess in spite of the redos being duplexed all nice and official. -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Stephen Lee INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: IOUG 2003
Rachel, I inquired the same with IOUG Conference Committee and here is the response from Julie Ferry. START OF MESSAGE - Original Message - To: '[EMAIL PROTECTED]' Sent: Tuesday, November 05, 2002 2:26 PM Hi Arup, Speaker notifications will be send out the second week of December. All speakers that submitted an abstract for Live! will receive a message regardless of whether or not they were accepted. Thanks. Julie END OF MESSAGE Hope this helps. Arup - Original Message - To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED] Sent: Wednesday, November 27, 2002 10:03 AM Okay, so I'm trying to get costs for conferences etc so my boss can budget for them. I go to the IOUG site and look at costs for the 2003 conference. I see register online so I click on it. They have it set up for speaker registration already, and ask for the email confirmation code you received. Has anyone on this list, who submitted an abstract, actually RECEIVED a response? Either acceptance or rejection? I haven't. How can you set something up to allow people to register if they don't know which way to register? Sheesh. I can't even register for the University Session I want because I don't know what status I should use when registering. Rachel __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Arup Nanda INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Using RECYCLE pool?
Thanks Denny, Connor, and Ferenc for your helpful suggestions. Ferenc - I particularly appreciated your insights. This is also a packaged app where I can't tune the SQL. It does no table scans (long story, but that is the way this app works). My logic is that the biggest wait (85% of wait) is db file sequential read, and the BHR is fairly low, about 80%. So my thought is to increase the buffer, and while I was at it, thought I would try the KEEP and RECYCLE pools. But I find your comment about logical tuning very interesting. Can you explain more, in case I'm missing something basic? Thanks. Dennis Williams DBA, 40%OCP Lifetouch, Inc. [EMAIL PROTECTED] -Original Message- Sent: Tuesday, November 26, 2002 7:29 PM To: Multiple recipients of list ORACLE-L Hi Dennis I try to not think of the pool names as being descriptive of what they should be allocated for. I regard them as pool 1 (default), of which I can configure two other pools, (pool 2 and pool 3). For Siebel applications (probably works similar for PSOFT [Joe, you in on this thread ?] and SAP), knowing the application and what it does, the repository tables, like the tables that define position based access, views, responsibilities, position relationships (team-based visibility in Siebel), broadcast messages, workflow rules and rule items, I put them into a separate smaller but very frequently accessed pool, knowing they are going to get hit at least a few times every minute with a few hundred users logged on. Then I try to identify those tables that DO get FTS, and if I cannot tune the query by placing relevant indices (sometimes it is better to have FTS than large index range scan to reduce logical IO, the big performance killer), put these into a separate pool, and leave the rest in default. Alternatively, the hot smaller tables go into one pool, the indices in another and the rest of the tables stay in default. There are various tricks for this. Oracle 9 makes things easier because you can identify which indexes are beig used, and then not waste your time with the others. Just remember, you will get much further distance from reducing logical IO's than playing with various buffer pools, though there is a minimal argument for playing with buffer pools, once logical IO's have been decreased. Real-life example : using Siebel EIM, by placing EIM tables into separate buffer pools, I saw a small advantage, say 5 - 10 % in buffer cache latch reduction and more efficient use of cached IO. But after tuning the structures so that I reduced logical IO's, I saw a 2000% throughput improvement of EIM, to the amazement of all skeptics on the project (also bumped up initrans and ran multiple parallel streams). So prioritize where you spend your tuning efforts. Reduction of logical IO = biggest bang for buck ! Getting off my soapbox now. Lots to do. Ciao : Ferenc Mantfeld -Original Message- From: DENNIS WILLIAMS [SMTP:[EMAIL PROTECTED]] Sent: Wednesday, November 27, 2002 8:30 AM To: Multiple recipients of list ORACLE-L Subject:Using RECYCLE pool? Is anyone using the Oracle RECYCLE buffer pool? What was your criteria to select tables? The application I am considering RECYCLE for doesn't perform table scans, so that eliminates one common suggestion. Dennis Williams DBA Lifetouch, Inc. [EMAIL PROTECTED] -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: DENNIS WILLIAMS INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: mantfield INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: DENNIS WILLIAMS INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services
RE: IOUG 2003
Ah. The Queen is ranting again. Confirmations have not been sent out by the IOUG as of yet. Should be sometime within the next week or so. The setup for the speakers is to have us test the registration and to have it ready when the confirmations go out. I would assume that registration will be comparable to last year. Thank You Stephen P. Karniotis Product Architect Compuware Corporation Direct: (248) 865-4350 Mobile: (248) 408-2918 Email: [EMAIL PROTECTED] Web:www.compuware.com -Original Message- Sent: Wednesday, November 27, 2002 10:04 AM To: Multiple recipients of list ORACLE-L Subject:IOUG 2003 Okay, so I'm trying to get costs for conferences etc so my boss can budget for them. I go to the IOUG site and look at costs for the 2003 conference. I see register online so I click on it. They have it set up for speaker registration already, and ask for the email confirmation code you received. Has anyone on this list, who submitted an abstract, actually RECEIVED a response? Either acceptance or rejection? I haven't. How can you set something up to allow people to register if they don't know which way to register? Sheesh. I can't even register for the University Session I want because I don't know what status I should use when registering. Rachel __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). The contents of this e-mail are intended for the named addressee only. It contains information that may be confidential. Unless you are the named addressee or an authorized designee, you may not copy or use it, or disclose it to anyone else. If you received it in error please notify us immediately and then destroy it. -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Karniotis, Stephen INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: IOUG 2003
Speaking of IOUG, did anyone else get a membership renewal email recently? Seems to me the annual dues have gone up significantly this year. --Walt Weaver Bozeman, Montana -Original Message- Sent: Wednesday, November 27, 2002 8:04 AM To: Multiple recipients of list ORACLE-L Okay, so I'm trying to get costs for conferences etc so my boss can budget for them. I go to the IOUG site and look at costs for the 2003 conference. I see register online so I click on it. They have it set up for speaker registration already, and ask for the email confirmation code you received. Has anyone on this list, who submitted an abstract, actually RECEIVED a response? Either acceptance or rejection? I haven't. How can you set something up to allow people to register if they don't know which way to register? Sheesh. I can't even register for the University Session I want because I don't know what status I should use when registering. Rachel __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Weaver, Walt INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: redo log file setup with mirrored drives
Hi: I am the original poster and thanks for all your inputs on this topic. Now I know more about what might happen if something goes wrong. The main purpose of we thinking doing this was to gain some performance. We have a weekly schema imp process which takes about a day to finish. We hope by eliminating redo log multiplex, but with OS mirroring we can speed up this loading process. We are going to do some tests to see how much we would gain. BTW, our unix system admin is very good, I can trust him that we would never delete any redo log files or any oracle files. So the only practical danger is that the redo file might get corrupted. This means we need to balance the performance vs file curruption. Thanks again. Guang _ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Guang Mei INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Recipe for application design to run on RAC
Thanks for taking time to reply, Cary. Much appreciated. Did I understand it correctly that in active/active setup it would be beneficial to give each node it's own virtual empire so to speak. Like one node to service say marketing and sales, while the other to deal with say inventory and automation and minimize interdependencies between the two? I was thinking more along the lines of equally distributing/balancing the utilization across the nodes (which presumably makes it easier to re-route db calls to surviving node in case of instance/node failure after remastering, since all nodes are peers) I obviously need to do some serious RTFMing here. So if the key is to have application partitioned (by probably functional/business areas?), is it at the logical design stage that this needs to be accounted for? Assuming enterprise framework in place, like Zachman's (http://www.zifa.com/framework.html) would it be at the system model/logical level (or using Oracle Designer terminology I guess at the system analysis stage) that design for RAC comes to the picture for a first time? Thanks again. --- Cary Millsap [EMAIL PROTECTED] wrote: If two or more RAC instances will be trying to cache the same data blocks, then this causes the performance problems that you'll see show up as lots of time spent on the event called global cache cr request. If you can partition your application so that RAC nodes don't have to share blocks very often through the cache fusion mechanism, then your system will scale a lot better. Cary Millsap Hotsos Enterprises, Ltd. http://www.hotsos.com Upcoming events: - Hotsos Clinic, Dec 9-11 Honolulu - Hotsos Clinic 101, Jan 7-9 Knoxville - Steve Adams's Miracle Master Class, Jan 13-15 Copenhagen - 2003 Hotsos Symposium, Feb 9-12 Dallas -Original Message- Sent: Tuesday, November 26, 2002 3:34 PM To: Multiple recipients of list ORACLE-L Dear List, Number of times I've seen that one of prerequsites for switching from single node DB to OPS/RAC is to have an application specifically designed / architectured to run on RAC. Can somebody elaborate? Is it something visible on ERD? That is by looking at the model can RAC guru tell that it wouldn't work well on RAC? Or put it another way can one conclude based on the ERD that app was modeled to run on RAC? What's the recepie for app design for RAC? TIA __ Post your free ad now! http://personals.yahoo.ca -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Boris Dali INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Cary Millsap INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). __ Post your free ad now! http://personals.yahoo.ca -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Boris Dali INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: redo log file setup with mirrored drives
I was amazed at the non-security that seems to be rampant out there, with mischievous people running around deleting files. I kept reading about it and thinking you've got to be kidding. Steven, have you NEVER accidentally, at 3AM, after having been woken from a sound sleep to a crisis that needs to be fixed RIGHT NOW, made a typo? if not, wow, I'm in awe. All you need to do is forget which directory you are in... and not include the path when do you an rm. I've done it. I've learned to ALWAYS do a pwd at the OS level and a select * from v$database when I am connected to a database. In any case, in another post you asked if anyone had ever lost a database due to hardware mirroring. Um, I have. Okay, we recovered the database via Data Unloader, but essentially it was lost, because we couldn't open the database. The current redo log and its hardware mirror failed. To this day, I don't know why, there was a lot of finger pointing going on, including you mirrored it onto itself and you had both disks on the same controller and it failed. Regardless of WHY it happened, it happened. We could not switch the current log, we could not open the database, we couldn't access anything. Tech support finally mentioned that there was this product that field support had... and two DAYS later I had a database again. In this case, Oracle mirroring (no, we were not using multiplexed redo logs) would possibly have saved us time, money and I might have had a few less gray hairs. Rachel --- Stephen Lee [EMAIL PROTECTED] wrote: -Original Message- We do redo log file multiplexing to protect against fat fingers and other odd-ball stuff that have caused problems for an entire file system. Call it an unreliable OS, poor SA (ok, maybe even DBA) practices I do it because it's a CYA thing of doing it by the book. I've listened to a lot of debates about database things and been amazed at the reasoning behind why people do what they do. I've lost count of how many debates I've heard about extent sizes and numbers of extents, the majority of it pure superstition. In the end, no matter how scientific or superstitious the reasoning, CYA trumps all. So that's why I do it. But, in fact, this whole thing about corrupt blocks is flawed reasoning. If an OS cannot do disk writes in an absolutely reliable way, then the OS is unusable. The bad writes will occur throughout the system. This includes when your logs get archived and writes to data files. Put those two together and what do you get? Actually, there is one advantage to hardware mirroring of archives. On Oracle duplexed archives, my experience is that it is inevitable that you will have one destination fill up while the other one doesn't. In which case Oracle quietly quits using the one destination even after the files are removed during a backup. I wrote a script to monitor when Oracle has stopped duplexing archived logs for those where we don't have hardware mirroring. I was amazed at the non-security that seems to be rampant out there, with mischievous people running around deleting files. I kept reading about it and thinking you've got to be kidding. -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Stephen Lee INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Recipe for application design to run on RAC
Title: RE: Recipe for application design to run on RAC Couldn't you partitioned your database to accomplish the same thing and thus still be application-independent? - costs $$ licensing but ... -Original Message- From: Hemant K Chitale [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 27, 2002 10:29 AM To: Multiple recipients of list ORACLE-L Subject: RE: Recipe for application design to run on RAC Hmm. Oracle says that with the improved Cache Fusion in 9i, any current application can be taken as is and run on 9iRAC. But yes, you are right. It really depends on the speed at which the two instances can share the same block and this can never be the same as two sessions accessing the same block in one instance [one SGA]. We are currently running and 8.1.5 OPS [ouch !] environment and testing 9iR2 RAC. The 8.1.5 OPS runs such that the Application Servers [Pro*C servers which get transactions from remote devices through a message bus] all connect to one node and direct PCs using VB/MSQuery connect to the other. Time and again I've asked for the PCs also to connect to the same node but no ... the effort to update the TNSNAMES.ORA and ODBC setup on the PCs would be too much I am told. In 9iRAC we are testing both BASIC and PRECONNECT Failover for TAF and will most certainly be using both nodes of the cluster for transactions. Even the Application Servers will be connecting across both nodes. Cross-fingers, touch-wood and wish me luck ! Hemant At 03:59 PM 26-11-02 -0800, you wrote: If two or more RAC instances will be trying to cache the same data blocks, then this causes the performance problems that you'll see show up as lots of time spent on the event called global cache cr request. If you can partition your application so that RAC nodes don't have to share blocks very often through the cache fusion mechanism, then your system will scale a lot better. Cary Millsap Hotsos Enterprises, Ltd. http://www.hotsos.com Upcoming events: - Hotsos Clinic, Dec 9-11 Honolulu - Hotsos Clinic 101, Jan 7-9 Knoxville - Steve Adams's Miracle Master Class, Jan 13-15 Copenhagen - 2003 Hotsos Symposium, Feb 9-12 Dallas -Original Message- Sent: Tuesday, November 26, 2002 3:34 PM To: Multiple recipients of list ORACLE-L Dear List, Number of times I've seen that one of prerequsites for switching from single node DB to OPS/RAC is to have an application specifically designed / architectured to run on RAC. Can somebody elaborate? Is it something visible on ERD? That is by looking at the model can RAC guru tell that it wouldn't work well on RAC? Or put it another way can one conclude based on the ERD that app was modeled to run on RAC? What's the recepie for app design for RAC? TIA __ Post your free ad now! http://personals.yahoo.ca -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Boris Dali INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Cary Millsap INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Hemant K Chitale My web site page is : http://hkchital.tripod.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Hemant K Chitale INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: Pro*C for Oracle 817 on Win2000?
Hello Pro*C can be found on the 8.1.7 NT/EE distribution which will run on W2K. It's under application development. The Borland compiled support was dropped a long time ago AFAIK. You can try using the .LIB's for VisualC++ for linking with your other compiler but I think you might be S.O.L. in that department. I think the library formats vary between compilers. Cheers Jeff Herrick On Wed, 27 Nov 2002, Denham Eva wrote: Hello, Apologies if this is the wrong list to write to, but some guidelines would be nice. We have a legacy software which requires changing. I would like to achieve this but as far as I can see there is no pro*c on otn.oracle.com for Win2k? Is it possible to load the libraries from somewhere? I have tried loading the Programmer option of the client, however from the errors received I don't have all the libraries. ie sqlca.h. I am trying to achieve this feat by using Bloodshed's DevC++. Am I being overly optimistic? I see there are libraries for VC++ and Borland, under the c:\oracle\ora81\oci directories. Unfortunately I don't have access to these programs? Any help will appreciated. Regards Denham Eva Oracle DBA UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity. Dennis Ritchie. _ DISCLAIMER This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. TFMC, its holding company, and any of its subsidiaries each reserve the right to monitor and manage all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity. _ This e-mail message has been scanned for Viruses and Content and cleared by MailMarshal For more information please visit www.marshalsoftware.com _ -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Jeff Herrick INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Oracle OS level security
My experience with NT security in an environment of any significant size is that it is a hopeless situation. In addition to dealing with admins on the box with the database, it seems that there is always an application support person or two that needs to administrator privs on that box too. Then there are the people that support multiple boxes, so they get domain admin privs. I set the privs on Oracle files so that any administrator would at least have to take ownership of the files in order to delete them. Following strict file and directory naming conventions and teaching everyone to recognize sacred file name patterns helps. We even had certain drive letters throughout the domain that were reserved for Oracle stuff so that people would know which drive letters were danger zones. With all this in place, the only problems we experienced were due to the flakey disk clustering that the admins were using. File systems (or the NT equivalent thereof) had a habit of getting unmounted, and Oracle seems to take offense at files suddenly disappearing. I wasn't all that worried about people going in and deleting files. My biggest worry was that we automate a lot of jobs and a lot of monitoring with scripts. Some of these require information, (such as passwords) be put into files; files that I can't protect on NT. I never had a big problem with admins being administrator (or root on Unix), but on NT it seems that there are always people from development, or people from some department up on 10th floor, that need administrator on the box too in order to support some app. So now you have developers and people you don't even know about that, if they chose to do so, can go nosing around in your stuff. -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Stephen Lee INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Autoextend WAIT statistic?
K., Ian, Dan - Thanks so much for your replies. This is LMT. Dan - appreciate your running a test, no wonder you 'da man. Now I know the statistic to keep an eye on, and which wait table. I'm not sure how much of a problem this is, but when my sys admin gets an idea, he hangs on like a bulldog, and damnit he's been right a few times! Dennis Williams DBA Lifetouch, Inc. [EMAIL PROTECTED] -Original Message- Sent: Tuesday, November 26, 2002 5:26 PM To: Multiple recipients of list ORACLE-L Dennis, I did some quick dirty testing by creating a very small(10M) datafile with a large(2000m) autoextend clause. On the insert, the session was waiting on 'file open' for most of the time. When I did a rollback and reinserted the data, there were no waits (that I saw) on file open. Interestingly, this wait event does not appear to be accurately tracked in v$session_event. In v$session_wait the seconds in wait (last trapped) was 132. In v$session_event, it shows 0. Okay, gurus, why? Am I missing something in this? select * from v$session_wait where sid = 14 SID SEQ# EVENT -- -- P1TEXT P1 P1RAW -- P2TEXT P2 P2RAW -- P3TEXT P3 P3RAW WAIT_TIME SECONDS_IN_WAIT -- -- --- STATE --- 14322 file open fib 4327126592 000101EAB640 iov 4327069760 000101E9D840 0 0 00 -1 132 WAITED SHORT TIME select * from v$session_event where sid = 14 SID EVENT TOTAL_WAITS TOTAL_TIMEOUTS TIME_WAITED AVERAGE_WAIT MAX_WAIT -- -- --- -- --- -- 14 rdbms ipc reply 4 1 210 52.5205 14 control file sequential read18 0 16 .9 15 14 local write wait 1 0 00 0 14 log buffer space72 0 124217.25 82 14 log file switch completion 6 0 250 41.667 72 14 log file sync4 0 6115.25 28 14 db file sequential read 7 0 1 .142857143 1 14 db file scattered read 164 0 152 .926829268 5 14 db file single write 2 0 1 .5 1 14 file identify4 0 00 0 14 file open6 0 00 0 14 SQL*Net message to client 41 0 00 0 14 SQL*Net message from client 40 0 67829 1695.725 19952 Dan Fink -Original Message- Sent: Tuesday, November 26, 2002 2:30 PM To: Multiple recipients of list ORACLE-L Oracle says that when a file autoextends, there is a slight delay. Does anyone know which Oracle WAIT statistic that would appear under? We have been using autoextend on OLTP production tables for awhile now, and the results have been satisfactory. This is an ERP system, so the critical performance time is at month-end. Some of the developers are concerned that table autoextending may slow batch programs, and suggesting that I should determine which tables are likely to autoextend during month-end and add storage beforehand. I would like to ensure that I am fixing a real problem (short on time, like most of you), so I am wondering if autoextend was causing a delay, what wait statistic would it show up under. Any ideas? Dennis Williams DBA Lifetouch, Inc. [EMAIL PROTECTED] -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: DENNIS WILLIAMS INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL
RE: Open Source Security Comes Under Fire
Title: BackupExec & Oracle You've got to love blinkered analyst reports - SQL Server alone has had nearlya dozen critical security issues this year (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q316333id=Q316333). But I guess that doesn't count :-) Ciao Fuzzy (yes, I'm back - made it to the UK in mostly one piece) -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Boivin, Patrice JSent: 27 November 2002 14:24To: Multiple recipients of list ORACLE-LSubject: OT: Open Source Security Comes Under Fire FYI. http://www.eweek.com/article2/0,3959,720533,00.asp Regards, Patrice Boivin Systems Analyst (Oracle Certified DBA) Systems Admin Operations | Admin. et Exploit. des systmes Technology Services | Services technologiques Informatics Branch | Direction de l'informatique Maritimes Region, DFO | Rgion des Maritimes, MPO E-Mail: [EMAIL PROTECTED]
Oracle 8.1.6 Installation error
Greetings, I was trying to install oracle 8.1.6 on a Sun Solaris(2.7) box. But I get an error saying that you cannot install 8.1.6 when you have already installed 8.1.7 in this box. I was under impression that you can install a lower version of Oracle in the same box. Could you please confirm this. Thanks, Ashoke -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Mandal, Ashoke INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: OT: Open Source Security Comes Under Fire
The most interesting part of the article was the response by the MS VP of security. Rather than bad mouth open source, he spoke of security holes as an 'industry problem' Amazing! Jared Boivin, Patrice J [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 11/27/2002 06:23 AM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED] cc: Subject:OT: Open Source Security Comes Under Fire FYI. http://www.eweek.com/article2/0,3959,720533,00.asp Regards, Patrice Boivin Systems Analyst (Oracle Certified DBA) Systems Admin Operations | Admin. et Exploit. des systèmes Technology Services| Services technologiques Informatics Branch | Direction de l'informatique Maritimes Region, DFO | Région des Maritimes, MPO E-Mail: [EMAIL PROTECTED] -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
NT Memory Leak 7.3.4
Title: NT Memory Leak 7.3.4 Hi, Does anyone know of a memory leak for Oracle 7.3.4.0 on Windows NT 4.0? A friend of mine is having to reboot monthly as the oracle73.exe grows to all of the memory on the machine when the SGA is pegged at 40M. As of today, the Oracle73.exe was at 210M and growing. They will be rebooting today. I know that the Oraclexx.exe starts less than the SGA and grows as it is used, but I haven't seen it go beyond the SGA settings. I have told him he needs to upgrade to 7.3.4.4 or 7.3.4.5. Is this good advice (they cannot go to 8)? Thank you in advance. --Chris
RE: Recipe for application design to run on RAC
The first thing to do is quit using tnsnames.ora on the client PC's. Use Oracle names or Oracle Internet Directory. Jared Hemant K Chitale [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 11/27/2002 07:28 AM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED] cc: Subject:RE: Recipe for application design to run on RAC Hmm. Oracle says that with the improved Cache Fusion in 9i, any current application can be taken as is and run on 9iRAC. But yes, you are right. It really depends on the speed at which the two instances can share the same block and this can never be the same as two sessions accessing the same block in one instance [one SGA]. We are currently running and 8.1.5 OPS [ouch !] environment and testing 9iR2 RAC. The 8.1.5 OPS runs such that the Application Servers [Pro*C servers which get transactions from remote devices through a message bus] all connect to one node and direct PCs using VB/MSQuery connect to the other. Time and again I've asked for the PCs also to connect to the same node but no ... the effort to update the TNSNAMES.ORA and ODBC setup on the PCs would be too much I am told. In 9iRAC we are testing both BASIC and PRECONNECT Failover for TAF and will most certainly be using both nodes of the cluster for transactions. Even the Application Servers will be connecting across both nodes. Cross-fingers, touch-wood and wish me luck ! Hemant At 03:59 PM 26-11-02 -0800, you wrote: If two or more RAC instances will be trying to cache the same data blocks, then this causes the performance problems that you'll see show up as lots of time spent on the event called global cache cr request. If you can partition your application so that RAC nodes don't have to share blocks very often through the cache fusion mechanism, then your system will scale a lot better. Cary Millsap Hotsos Enterprises, Ltd. http://www.hotsos.com Upcoming events: - Hotsos Clinic, Dec 9-11 Honolulu - Hotsos Clinic 101, Jan 7-9 Knoxville - Steve Adams's Miracle Master Class, Jan 13-15 Copenhagen - 2003 Hotsos Symposium, Feb 9-12 Dallas -Original Message- Sent: Tuesday, November 26, 2002 3:34 PM To: Multiple recipients of list ORACLE-L Dear List, Number of times I've seen that one of prerequsites for switching from single node DB to OPS/RAC is to have an application specifically designed / architectured to run on RAC. Can somebody elaborate? Is it something visible on ERD? That is by looking at the model can RAC guru tell that it wouldn't work well on RAC? Or put it another way can one conclude based on the ERD that app was modeled to run on RAC? What's the recepie for app design for RAC? TIA __ Post your free ad now! http://personals.yahoo.ca -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Boris Dali INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Cary Millsap INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Hemant K Chitale My web site page is : http://hkchital.tripod.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Hemant K Chitale INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network
Re: Security Focus Link - SQL Injection White Paper
Thanks Ethan, You may also be interested in several papers on SQL Injection available at: http://www.nextgenss.com/research/papers.html These refer to SQL Server, but much of it is relevant for any database. Jared Post, Ethan [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 11/27/2002 07:54 AM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED] cc: Subject:Security Focus Link - SQL Injection White Paper SQL Injection and Oracle - By Pete Finnigan This is the first article in a two-part series that will examine SQL injection attacks against Oracle databases. The bjective of this series is to introduce Oracle users to some of the dangers of SQL injection and to suggest some simple ways of protecting against these types of attack. http://online.securityfocus.com/infocus/1644 -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Post, Ethan INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: RE: LGWR using lots of CPU time, low CPU usage
TOTAL Time Taken for a fixed Number of Application Transactions to Complete , (mostly OLTP in nature to Complete ) , Rose by about 3 TIMES the Normal Benchmarked Time . We found that somehow the session_cached_cursor had been oversized to 200 . Immediately thereafter , I reduced the session_cached_cursors to 50 , Bounced the Database did a RE-Run The performance (TOTAL Time Taken) returned to Normal Benchmark was Done on Oracle 8.1.7 on Solaris 8 We unfortunately do NOT have any more Details of now HTH -Original Message- Sent: Wednesday, November 27, 2002 7:39 AM To: Multiple recipients of list ORACLE-L VIVEK_SHARMA, Can i know how did you get your result of oversizing the session_cached_cursors do harm to performance? My applications do a lot of softparse with pro*C and i used session_cached_cursors=200 in my db. I want to know How did you find it out and can you share your experience? And another add on: lgwr using a lot of cpu time,low cpu usage, does it mean that it look like my profile? I think It is because lgwr is consistantly using cpu , and the database have been up for a long time.So, from ps/top, the total cpu is high,but cpu usage is low? main-db1# /usr/ucb/ps -aux|grep ora_ |grep -v grep |sort +8nr oracle1078 0.1 46.857277125697408 ?S Oct 30 220:00 ora_lgwr_biddb oracle1076 0.1 46.857317205701200 ?S Oct 30 92:37 ora_dbw0_biddb oracle1086 0.0 46.957328325709560 ?S Oct 30 47:02 ora_snp0_biddb oracle1088 0.0 46.957335925710896 ?S Oct 30 25:04 ora_snp1_biddb oracle1094 0.0 46.857275685696760 ?S Oct 30 20:54 ora_arc0_biddb oracle2662 0.0 46.857275685697472 ?S Oct 30 20:20 ora_arc2_biddb oracle1597 0.0 46.857275685697456 ?S Oct 30 19:42 ora_arc1_biddb oracle1092 0.0 46.957323765709312 ?S Oct 30 17:19 ora_snp3_biddb oracle1090 0.0 46.957344965709648 ?S Oct 30 10:23 ora_snp2_biddb oracle1096 0.0 47.257831605745720 ?S Oct 30 8:22 ora_p000_biddb oracle1101 0.0 47.257781605743520 ?S Oct 30 7:36 ora_p002_biddb oracle1098 0.0 47.257781765743904 ?S Oct 30 6:34 ora_p001_biddb oracle1103 0.0 47.257781525743576 ?S Oct 30 6:42 ora_p003_biddb oracle1080 0.0 46.857277125697440 ?S Oct 30 4:21 ora_ckpt_biddb oracle1107 0.0 47.157770005741416 ?S Oct 30 4:18 ora_p005_biddb oracle1105 0.0 47.057646325730624 ?S Oct 30 3:20 ora_p004_biddb oracle1109 0.0 47.157729045736024 ?S Oct 30 2:25 ora_p006_biddb oracle 0.0 47.157728485735952 ?S Oct 30 2:28 ora_p007_biddb oracle1074 0.0 46.857268085698184 ?S Oct 30 0:00 ora_pmon_biddb oracle1082 0.0 46.857259365700096 ?S Oct 30 0:59 ora_smon_biddb oracle1084 0.0 46.857258165699392 ?S Oct 30 0:31 ora_reco_biddb Regards zhu chao Eachnet DBA 86-21-32174588-667 [EMAIL PROTECTED] www.happyit.net www.cnoug.org(Chinese Oracle User Group) === 2002-11-26 11:25:00 ,you wrote£º=== In some of our benchmarks with our hybrid application on Oracle 8.1.7 , Oversizing session_cached_cursors would HARM performance greatly . Our Optimal Value is 50 -Original Message- Sent: Wednesday, November 27, 2002 12:20 AM To: Multiple recipients of list ORACLE-L Deborah, First, don't remove Oracle's RedoLog duplexing, you may regret about it later (see recent thread on this issue). Second, if what you are telling (logs are about 100 MB in 2 groups of 20 members each) is accurate, then this is your main problem. If you have your log switches on avg 2.5 per day, change your RedoLog configuration to be: 3 (or 4) groups, 3 members each (if you can put them on separate physical devices, if not - 2 members should suffice), and you can make them smaller, like 50Mb (or even smaller). You will have more log switches per day, but it's perfectly fine as long, as don't have them every 5 min. And old school is still right about not putting RedoLogs onto RAID5. Igor Neyman, OCP DBA [EMAIL PROTECTED] - Original Message - To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED] Sent: Tuesday, November 26, 2002 1:00 PM We are on 9.2.0.2, Solaris 8 on Sunfire 3800 with 16 GB memory and 128 MB on a hardware-controlled, mirrored RAID5 StorEdge T-3 Array. Periodically throughout the day the LGWR background process clocks 20+ minutes of CPU time while actual CPU usage is quite low. I ran a statspack report and for a 45-minute period that included the slow LGWR process. The top 5 timed events in my 45-minute report are: CPU time 1,295 60.41 db file sequential read 392,516 341 15.91 db file scattered read 70,245 168 7.85 log file sync 26,916 133 6.22 library cache pin 22 59 2.76 (Now that the top 5 is timed events, 3 spots almost always include CPU and the db file reads, so I only get two
RE: Oracle OS level security
After pondering this for a few minutes, I came to the conclusion that BED doesn't matter. First, I need to clarify a proposed audit trail. It consists of an audit table on a sensitive table. The audit table is populated via trigger and records all updates/inserts/deletes. The audit table is replicated to a secure server via Materialized View. It doesn't matter *how* fraudulent transactions are entered into the table. The audit trail is still in place, and data in the production system would not correspond with the audit trail. Jared K Gopalakrishnan [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 11/26/2002 04:09 PM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED] cc: Subject:RE: Oracle OS level security Jared: Any one with a reasonable knowledge of Oracle Data Storage Internals can use the Data block Editor (BBED) to update anything in your database without the knowledge of the RDBMS kernel auditing mechanisms. Agreed,BBED is protected by a password in Windoze ports and one need to explicitly make the executable in Unix ports. But the point here is the hacker can do anything using the BBEd and this can be done even while your database is up and running !! What is their take on this kind of attack(!)s? Best Regards, K Gopalakrishnan -Original Message- [EMAIL PROTECTED] Sent: Tuesday, November 26, 2002 3:05 PM To: Multiple recipients of list ORACLE-L Dear list, Let me toss a hypothetical situation at you. Say some auditors looked at some of your primary systems, and concluded that they had no assurance that someone with admin access to the server had not changed financial information to benefit themselves, or to falsify financial records for the gain of the company. Not that they might have any proof that something like that had been done, but rather, just not proof that it had *not* been done. I've been pondering this for a bit, and it seems to me that if someone had good knowledge of both the OS and the database (Oracle), as well as having admin rights on the server, there are few things you can do to prevent such a person from changing data in the database, and completely covering his or her tracks. The platforms in question are Unix, Windows NT and Windows 2000. I've limited it to those as most database systems use one of those, and besides, that's all I know. :) Consider what steps you might take to audit unauthorized transactions performed by an admin. Oracle Auditing could be used, but someone with admin access to the server and database could easily alter the records created by system auditing. You could create an audit table, using a trigger to audit sensitive tables. A materialized view on a remote database could be created on sensitive tables to remotely log all actions. In the case of the audit table, that could easily be disabled, and then re-enabled after the nefarious DML had completed. The materialized views might be more difficult to circumvent. If the remote end is using a dblink to the server employing a password that is *different* than that of it's own account at the remote server, it should be impossible for someone to completely cover the traces of transactions created to falsify data. The MV Logs could be dropped, but without access to the MV's at the remote server, the MV's would have to be left in place. These could be used as a reference to look for unauthorized transactions in the primary server. If this same admin has access to the remote server where the MV's are, then this can also be circumvented. There is also the logs created as when logging in as internal or sysdba. ( $ORACLE_HOME/rdms/audit/*.aud ) These can simply be deleted. Some system could be used to save these to a remote server, but it would have to run *very* frequently to be effective. Oracle password files could also be used. While this can prevent someone from logging in as SYS or SYSTEM while in place, all it takes is a change to init.ora, and a database bounce to fix that. Make your bogus data changes, change the init.ora back and bounce the database again. A somewhat clever person could set this up to automatically take place the next time the DB is bounced. The conclusion I have come to is that the only effective method that could be used to create an audit trail for such a scenario is to create Materialized Views on sensitive tables, and create them on a server that admins are guaranteed to not have access to. Of course, I may be missing something. I'm not always one to catch all the details right off. Input, comments, suggestions, far out ideas are all welcome. If you've read this far, thanks! Jared -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services
is it possible ?
Is it possible For 2 Databases to be Brought up on the SAME machine with the SAME ORACLE_SID from Different ORACLE_HOMEs ? If so , how ? Thanks -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: VIVEK_SHARMA INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: IOUG 2003
Yeah, well I too had become somewhat puzzled at the length of time they seem to be taking in informing would-be speakers, so emailed them. The answer is that notifiations will be posted second week December. Good luck! peter edinburgh -Original Message- From: Rachel Carmichael [mailto:[EMAIL PROTECTED]] Sent: 27 November 2002 15:04 To: Multiple recipients of list ORACLE-L Subject: IOUG 2003 Okay, so I'm trying to get costs for conferences etc so my boss can budget for them. I go to the IOUG site and look at costs for the 2003 conference. I see register online so I click on it. They have it set up for speaker registration already, and ask for the email confirmation code you received. Has anyone on this list, who submitted an abstract, actually RECEIVED a response? Either acceptance or rejection? I haven't. How can you set something up to allow people to register if they don't know which way to register? Sheesh. I can't even register for the University Session I want because I don't know what status I should use when registering. Rachel __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). * This e-mail message, and any files transmitted with it, are confidential and intended solely for the use of the addressee. If this message was not addressed to you, you have received it in error and any copying, distribution or other use of any part of it is strictly prohibited. Any views or opinions presented are solely those of the sender and do not necessarily represent those of the British Geological Survey. The security of e-mail communication cannot be guaranteed and the BGS accepts no liability for claims arising as a result of the use of this medium to transmit messages from or to the BGS. The BGS cannot accept any responsibility for viruses, so please scan all attachments.http://www.bgs.ac.uk * -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Robson, Peter INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Oracle OS level security
H...just thinking. How much of the sensitive info is encrypted to/from the client? If us SA/DBA folks can't get around system-level and DB-level audits (made more difficult in 9i), network snooping and forging of unencrypted data right from the DB server could be another hole to exploit (one reason why my paranoia prevents me from viewing my paycheck online and unencrypted here at work). BTW, I can't find any hint of a BBDE program on 9iR2/Winders nor 8.1.7 on HP. I would like it to learn more about block level storage (on our TEST DBs, obviously!). Anyone with more info on this? Rich Rich Jesse System/Database Administrator [EMAIL PROTECTED] Quad/Tech International, Sussex, WI USA -Original Message- From: Mercadante, Thomas F [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 27, 2002 10:20 AM To: Multiple recipients of list ORACLE-L Subject: RE: Oracle OS level security Let's face it. The SA's have all the privs in the world. Finally, with 9i, and connect internal going away, we can prevent unauthorized connections to the database to prevent data snooping. But we all know that there are ways around everything in this world. It comes down to this simple point: The organization has to trust someone with the keys to the treasury. It is unavoidable. Tom Mercadante Oracle Certified Professional -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Jesse, Rich INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Oracle OS level security
Let's face it. The SA's have all the privs in the world. Finally, with 9i, and connect internal going away, we can prevent unauthorized connections to the database to prevent data snooping. But we all know that there are ways around everything in this world. It comes down to this simple point: The organization has to trust someone with the keys to the treasury. It is unavoidable. Tom Mercadante Oracle Certified Professional -Original Message- Sent: Wednesday, November 27, 2002 9:59 AM To: Multiple recipients of list ORACLE-L True, and the question suggests the DBA can be properly vetted while the system administator cannot. I suppose one could try somne type of two-man control. Jared and his system administrator each know a different half of the root and sysdba passwordJust how this could be setup is beyond my ken. Responses to database emergencies would be interesting. If one could implement a system which would fully protect the database from system administrators, one would also need to weigh the costs of that protection against the perceived gain. Ian MacGregor Stanford Linear Accelerator Center [EMAIL PROTECTED] -Original Message- Sent: Wednesday, November 27, 2002 5:14 AM To: Multiple recipients of list ORACLE-L Jared, Nice question. I don't have an answer, but a comment. It all comes down to Risk Management. In my opinion, Risk Management entails identifying all known risks to losing or changing data in an authorized manner. Once the risks are identified and explained to the organization, they decide what needs to be dealt with and what they are willing to risk based on the probability of the event actually happening. In your example, you've identified the risk of allowing other people admin access on the database server machine. If management is unwilling to revoke these privs, then they need to understand the risk that they have accepted. The risk they've accepted is that someone could, thru the use of stolen passwords, the BBED editor, or simply deleting a database file, cause a disruption, loss of service or loss of data to the organization. And there is not much you (as the DBA) can do about it. I'm sure I'm preaching to the choir here. But a lot of what we (DBA's) do comes down to communication and education of management, and explaining things in terms that they can understand. Hope this helps. Tom Mercadante Oracle Certified Professional -Original Message- Sent: Tuesday, November 26, 2002 6:05 PM To: Multiple recipients of list ORACLE-L Dear list, Let me toss a hypothetical situation at you. Say some auditors looked at some of your primary systems, and concluded that they had no assurance that someone with admin access to the server had not changed financial information to benefit themselves, or to falsify financial records for the gain of the company. Not that they might have any proof that something like that had been done, but rather, just not proof that it had *not* been done. I've been pondering this for a bit, and it seems to me that if someone had good knowledge of both the OS and the database (Oracle), as well as having admin rights on the server, there are few things you can do to prevent such a person from changing data in the database, and completely covering his or her tracks. The platforms in question are Unix, Windows NT and Windows 2000. I've limited it to those as most database systems use one of those, and besides, that's all I know. :) Consider what steps you might take to audit unauthorized transactions performed by an admin. Oracle Auditing could be used, but someone with admin access to the server and database could easily alter the records created by system auditing. You could create an audit table, using a trigger to audit sensitive tables. A materialized view on a remote database could be created on sensitive tables to remotely log all actions. In the case of the audit table, that could easily be disabled, and then re-enabled after the nefarious DML had completed. The materialized views might be more difficult to circumvent. If the remote end is using a dblink to the server employing a password that is *different* than that of it's own account at the remote server, it should be impossible for someone to completely cover the traces of transactions created to falsify data. The MV Logs could be dropped, but without access to the MV's at the remote server, the MV's would have to be left in place. These could be used as a reference to look for unauthorized transactions in the primary server. If this same admin has access to the remote server where the MV's are, then this can also be circumvented. There is also the logs created as when logging in as internal or sysdba. ( $ORACLE_HOME/rdms/audit/*.aud ) These can simply be deleted. Some system could be used to save these to a remote server, but it would have to run *very* frequently to be effective. Oracle password
RE: Oracle OS level security
Dan Point taken. I was thinking more of being careful with recently hired employees and consultants that will only be around for a short time. Dennis Williams DBA Lifetouch, Inc. [EMAIL PROTECTED] -Original Message- Sent: Wednesday, November 27, 2002 10:10 AM To: Multiple recipients of list ORACLE-L Dennis, I must respectfully disagree with 1. I would suggest that the 'can' be changed to a 'cannot'. It is this type of person that will stand up and say 'This is wrong.' Therein lies your security. Dan Fink -Original Message- Sent: Wednesday, November 27, 2002 7:19 AM To: Multiple recipients of list ORACLE-L Jared - I think Thomas has a good point. Here is the way I look at it: 1. Make the server with critical information as secure as possible. 2. Restrict command line or console access to the minimum number of people. This narrows you down to a few sys admins and DBAs. For them your choices are: 1. Hire trustworthy professionals, people that can be intimidated by the threat of being fired. 2. Hire people too stupid to understand how to break into stuff. 3. Configure a really paranoid system to keep the people that must manage the system from being able to do their job. You could spend a lot of extra effort on this one. And it would have to be designed and audited by people outside the company. Years ago, a company I worked for tried option 3. It was a mainframe system with no interactive access. There were three groups of people that worked there, keypunch operators, programmers, and computer operators. The theory was that to defraud the system would require more than one person. A programmer could write a bogus program, but couldn't run it, would need an operator. And so on. They even had a separate building entrance for each group. Nobody outside of management seemed to think it was all that secure. Dennis Williams DBA Lifetouch, Inc. [EMAIL PROTECTED] -Original Message- Sent: Wednesday, November 27, 2002 7:14 AM To: Multiple recipients of list ORACLE-L Jared, Nice question. I don't have an answer, but a comment. It all comes down to Risk Management. In my opinion, Risk Management entails identifying all known risks to losing or changing data in an authorized manner. Once the risks are identified and explained to the organization, they decide what needs to be dealt with and what they are willing to risk based on the probability of the event actually happening. In your example, you've identified the risk of allowing other people admin access on the database server machine. If management is unwilling to revoke these privs, then they need to understand the risk that they have accepted. The risk they've accepted is that someone could, thru the use of stolen passwords, the BBED editor, or simply deleting a database file, cause a disruption, loss of service or loss of data to the organization. And there is not much you (as the DBA) can do about it. I'm sure I'm preaching to the choir here. But a lot of what we (DBA's) do comes down to communication and education of management, and explaining things in terms that they can understand. Hope this helps. Tom Mercadante Oracle Certified Professional -Original Message- Sent: Tuesday, November 26, 2002 6:05 PM To: Multiple recipients of list ORACLE-L Dear list, Let me toss a hypothetical situation at you. Say some auditors looked at some of your primary systems, and concluded that they had no assurance that someone with admin access to the server had not changed financial information to benefit themselves, or to falsify financial records for the gain of the company. Not that they might have any proof that something like that had been done, but rather, just not proof that it had *not* been done. I've been pondering this for a bit, and it seems to me that if someone had good knowledge of both the OS and the database (Oracle), as well as having admin rights on the server, there are few things you can do to prevent such a person from changing data in the database, and completely covering his or her tracks. The platforms in question are Unix, Windows NT and Windows 2000. I've limited it to those as most database systems use one of those, and besides, that's all I know. :) Consider what steps you might take to audit unauthorized transactions performed by an admin. Oracle Auditing could be used, but someone with admin access to the server and database could easily alter the records created by system auditing. You could create an audit table, using a trigger to audit sensitive tables. A materialized view on a remote database could be created on sensitive tables to remotely log all actions. In the case of the audit table, that could easily be disabled, and then re-enabled after the nefarious DML had completed. The materialized views might be more difficult to circumvent. If the remote end is using a dblink to the server employing a password that is *different* than that of it's
Re: Best way to store images in DB ?
I've seen several answers to that post but none of them have asked the question : what will you do with the images ? If the images are to be queried a lot then do not store them in the database. Keep them on the OS. In a prevoius life, we've benchmarked our site (www.houra.fr) with images in and out of Oracle. Out wins in term fo performance. We have developed a small system so the managers can entered text for each images. This time, the images were in Oracle in a blob datatype. Was 816/sun HTH --- oraora oraora [EMAIL PROTECTED] a écrit : Guys, i have to store 20,000,000 images of 5k each in DB. which is the best possible way to do it ? can i store it as BLOB or use UTL_FILE_DIR ? is there any other means of achieving the same ? it's 8.1.6 on Win2k. Kindly let me know. TIA. Jp. -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: oraora oraora INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). = Stéphane Paquette DBA Oracle et DB2, consultant entrepôt de données Oracle and DB2 DBA, datawarehouse consultant [EMAIL PROTECTED] __ Lèche-vitrine ou lèche-écran ? magasinage.yahoo.ca -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: =?iso-8859-1?q?Stephane=20Paquette?= INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: redo log file setup with mirrored drives
Good point! I'll take that one step further and suggest select * from v$instance as that will also display the node that the DB is on. Good to know, especially if you have 3rd party apps that name the DBs the same. Rich Rich Jesse System/Database Administrator [EMAIL PROTECTED] Quad/Tech International, Sussex, WI USA -Original Message- From: Rachel Carmichael [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 27, 2002 9:54 AM To: Multiple recipients of list ORACLE-L Subject: RE: redo log file setup with mirrored drives [snip] it. I've learned to ALWAYS do a pwd at the OS level and a select * from v$database when I am connected to a database. [snip] -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Jesse, Rich INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: IOUG 2003
I have heard about my university session, but not the regular sessions. They are scheduled to publish a schedule fairly soon, so we should be finding out shortly...I hope! -Original Message- Sent: Wednesday, November 27, 2002 8:04 AM To: Multiple recipients of list ORACLE-L Okay, so I'm trying to get costs for conferences etc so my boss can budget for them. I go to the IOUG site and look at costs for the 2003 conference. I see register online so I click on it. They have it set up for speaker registration already, and ask for the email confirmation code you received. Has anyone on this list, who submitted an abstract, actually RECEIVED a response? Either acceptance or rejection? I haven't. How can you set something up to allow people to register if they don't know which way to register? Sheesh. I can't even register for the University Session I want because I don't know what status I should use when registering. Rachel __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Fink, Dan INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: Data Warehousing books for Oracle 9i (once again)
Even 1$ is too much for Oracle8 Data Warehousing ! We're not yet on 9i so I've not checked about that kind of book. For DW only, check Ralph Kimball's book and the IBM red book site( http://www.redbooks.ibm.com/). There is an excellent document (PDF) about datawarehousing in general. The data warehouse institute (http://www.dw-institute.com) offers papers and training. On 8i, I can recommend Tim Gorman's book. DW are never reorganised but updated on the frequency needed by the business needs. HTH --- Jesse, Rich [EMAIL PROTECTED] a écrit : Yes, I know -- old topic, but a search thru the 440 DW posts on the fatcity archives didn't reveal much. Not having much of any knowledge on DW/DM, I picked up the Oracle Press' Oracle8 Data Warehousing book for $1 on the clearance rack in hopes that an overall view of the procedures necessary for DW/DM building and maintenance to give me some idea of what I'm up against. I can't help but be completely confused by this book because it doesn't seem to cover DW/DM maintenance at all. It has a chapter dedicated to various ways to populate the DW/DM, but not how to keep the data up-to-date. Do DWs get completely regenerated on a daily/weekly/periodic basis? This just doesn't seem feasible to me, especially for large (1T+) DWs. Am I missing something? Are newer revs of this book better? Are there any better DW books geared specifically for Oracle9i? Does Martha know that John is really her long-lost brother? From past posts (Jared's?), I'm thinking that we'd be at least picking up Kimball's DW Toolkit, 2nd Ed. and hopefully we'll get some training in for this, too, but I would like something specific to DWs on Oracle 9i. TIA! :) Rich Rich Jesse System/Database Administrator [EMAIL PROTECTED] Quad/Tech International, Sussex, WI USA -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Jesse, Rich INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). = Stéphane Paquette DBA Oracle et DB2, consultant entrepôt de données Oracle and DB2 DBA, datawarehouse consultant [EMAIL PROTECTED] __ Lèche-vitrine ou lèche-écran ? magasinage.yahoo.ca -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: =?iso-8859-1?q?Stephane=20Paquette?= INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: LGWR using lots of CPU time, low CPU usage
Oh boy, is my face red! I remembered that of course, as soon as I saw this. I need to keep better track of who I'm plagierizing. :) Jared Cary Millsap [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 11/26/2002 03:05 PM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED] cc: Subject:RE: LGWR using lots of CPU time, low CPU usage The ultimate sincerest form of flattery is for someone to attribute something smart to you that you wish you had done but, alas, did not actually do. (It was Tim Gorman who posted the excellent analogy.) Cary Millsap Hotsos Enterprises, Ltd. http://www.hotsos.com Upcoming events: - Hotsos Clinic, Dec 9-11 Honolulu - Hotsos Clinic 101, Jan 7-9 Knoxville - Steve Adams's Miracle Master Class, Jan 13-15 Copenhagen - 2003 Hotsos Symposium, Feb 9-12 Dallas -Original Message- [EMAIL PROTECTED] Sent: Tuesday, November 26, 2002 4:07 PM To: Multiple recipients of list ORACLE-L And old school is still right about not putting RedoLogs onto RAID5. From what I'm being told, this is not your father's RAID5. This is what they tell me: The CPU hands the IO to the disk controller and rather than do the physical disk IO while the process waits, the disk controller caches it to local memory and says done. Therefore, effectively there is no wait for IO and it doesn't matter if we are RAID 5 or RAID 0+1, the system is NOT waiting for the IO. He said the only time there might be a delay is during the cache's battery refresh times. I checked your dates and it was not occurring during those times. Also, if you look at the iostat statistics under the 'wait' and '%w' headers you will see all zeros. Debi, That is true, up to a point. Think of the cache as a water tank. You have a garden hose filling up the tank. You can keep increasing the water pressure for a while. But the outlet at the other end of the tank has a fixed capacity. It flows 10 GPM, and no more. What happens when you increase the flow at the intake to 20 GPM? The tank fills up. When the tank fills up, your intake flow will need to decrease, because you can only flow 10 GPM at the outlet. Now, think of the outlet as writing to disk, the RAID5 cache is the water tank, and your database is the inlet that wants to run at 20 GPM. If your database activity will never be intensive enough to stress the cache like this, no problem. But 'never' is a very long time. If any of this sound familiar, Cary Millsap posted a very similar explanation a few weeks ago. Plagierism is the sincerest form of flattery. :) Jared -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Cary Millsap INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: redo log file setup with mirrored drives
-Original Message- Sorry if you took offense at some attempted humor. -- No offense taken here. I've always worked in large environments where there were multiple DBA's, sys admins, developers, and testers. One cannot be easily offended and survive in these environments. You have your debates; break a few chairs in the ensuing fight; then go out for lunch. It's all a nice break from the daily routine. -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Stephen Lee INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: is it possible ?
-Original Message- Is it possible For 2 Databases to be Brought up on the SAME machine with the SAME ORACLE_SID from Different ORACLE_HOMEs ? If so , how ? It would seem so. Listener setup might be a bit dicey. I might have to try this. It seems that as long as you had separate environments, it should work ... we're talking Unix here right? -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Stephen Lee INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Data Warehousing books for Oracle 9i (once again)
Rich - I don't claim to be a DW expert. My impression is that what you have to do for a DW will vary widely from site to site. Also, much of the work may be done by people besides yourself, and they may elect to use tools besides Oracle. I would consider a hierarchy of load/update tools to be as follows: 1. ODBC tools 2. Oracle - SQL, PL/SQL, etc. 3. O.S. tools The ODBC tools are the most convenient, and may give okay performance for small amounts of data. You probably won't be using them, so this means someone besides yourself may be doing much of the work. But for large data sets, the performance may not be adequate. For really large amounts of data, you may find it necessary to process data at the O.S. level before you load it into Oracle. For example, you might sort the data before loading it into Oracle. SyncSort makes its money by being faster than Oracle. Updating just adds more complexity and more variety to the tool set. You must select a method based on your situation. Bottom line, use whatever works, and the more tools in your tool chest the better. Next week I plan to make up a list of 9i new features that may be useful for DW, to brief my DW developers. I'll send you the list. Dennis Williams DBA Lifetouch, Inc. [EMAIL PROTECTED] -Original Message- Sent: Wednesday, November 27, 2002 10:20 AM To: Multiple recipients of list ORACLE-L Yes, I know -- old topic, but a search thru the 440 DW posts on the fatcity archives didn't reveal much. Not having much of any knowledge on DW/DM, I picked up the Oracle Press' Oracle8 Data Warehousing book for $1 on the clearance rack in hopes that an overall view of the procedures necessary for DW/DM building and maintenance to give me some idea of what I'm up against. I can't help but be completely confused by this book because it doesn't seem to cover DW/DM maintenance at all. It has a chapter dedicated to various ways to populate the DW/DM, but not how to keep the data up-to-date. Do DWs get completely regenerated on a daily/weekly/periodic basis? This just doesn't seem feasible to me, especially for large (1T+) DWs. Am I missing something? Are newer revs of this book better? Are there any better DW books geared specifically for Oracle9i? Does Martha know that John is really her long-lost brother? From past posts (Jared's?), I'm thinking that we'd be at least picking up Kimball's DW Toolkit, 2nd Ed. and hopefully we'll get some training in for this, too, but I would like something specific to DWs on Oracle 9i. TIA! :) Rich Rich Jesse System/Database Administrator [EMAIL PROTECTED] Quad/Tech International, Sussex, WI USA -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Jesse, Rich INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: DENNIS WILLIAMS INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Oracle 8.1.6 Installation error
-Original Message- I was under impression that you can install a lower version of Oracle in the same box. Did you use a different ORACLE_HOME? I sounds like your oracle home is the same. If so, the install is probably finding the existing inventory file. With completely a different installation location, the installer would not find the other inventory file and, consequently, have no idea what was on the box in the other location. -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Stephen Lee INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: IOUG 2003
yeah I got one a few weeks ago. I don't remember the new pricing --- Weaver, Walt [EMAIL PROTECTED] wrote: Speaking of IOUG, did anyone else get a membership renewal email recently? Seems to me the annual dues have gone up significantly this year. --Walt Weaver Bozeman, Montana -Original Message- Sent: Wednesday, November 27, 2002 8:04 AM To: Multiple recipients of list ORACLE-L Okay, so I'm trying to get costs for conferences etc so my boss can budget for them. I go to the IOUG site and look at costs for the 2003 conference. I see register online so I click on it. They have it set up for speaker registration already, and ask for the email confirmation code you received. Has anyone on this list, who submitted an abstract, actually RECEIVED a response? Either acceptance or rejection? I haven't. How can you set something up to allow people to register if they don't know which way to register? Sheesh. I can't even register for the University Session I want because I don't know what status I should use when registering. Rachel __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Weaver, Walt INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Oracle OS level security
You may just possibly be the only other DBA besides me who does NOT want root access! I know just enough to be dangerous. I have more than enough work to do without taking over the SA's job as well. theoretical point 2: yes, you should trust your DBAs and SAs. But if you, for whatever reason, have to have a temporary person in, someone you don't know, who leaves and is not reachable/accountable, then it behooves you to put some sort of controls in place. perhaps just logging each session so that what is done can be seen, without making it so onerous that people try to circumvent the rules. We have a hosting company here for our staging and production servers. I have an account on both servers. They have not, as yet, changed the database passwords (we're in the process of going live and they haven't set up a read-only account for me). I *could* go in and fix the problems. That would be the fast way, and the users certainly would appreciate it. I follow the rules. Submit change requests, with scripts attached. It's safer all around. --- Fink, Dan [EMAIL PROTECTED] wrote: Jared, I realize the following is not really an answer, but it may provide a little food for thought. Practical: 1. Log miner or other log reading tool could be used to track changes made through the transaction layer. Some operations can be done with nologging, but not all and the undo is logged regardless. Yes, it would be complicated and messy. 2. If you don't trust the SAs and DBAs for the systems, they need to be replaced. You are absolutely correct that if a person has the knowledge and motive, almost anything is possible. This is shown time and time again by corporate embezzlement. 3. As a DBA, I never want to know root's password. If I need SA type commands, either use sudo on unix (not sure if there is an equivalent on NT/2K) or provide exact information to the SA. I work on maintaining a good relationship with the SAs so we each respect each other's 'turf' and don't try to do things we are not qualified to do. 4. Changing passwords frequently, especially system generated ones, leads to people writing them down or otherwise storing them somewhere they can be accessed. I wonder how many of us have 1 password (with minor variations) for the overwhelming majority of our systems/logins. 5. Don't make security so onerous and inconvenient that people are constantly looking for ways around it just so that they can do their job. This encourages the creation of security holes and a general disregard for the processes and procedures. 6. If you create a server no admins have access to, how would it be set up and maintained? Theoretical The only truly secure system is the one that is never turned on. Once power is applied and the system is started, it can be compromised. An SA can su - oracle and login as sysdba, a DBA can spoof a user, a developer could insert malicious code. I think that the issue is to create and abide by standards and processes, hire trustworthy personnel and treat them right. As has been shown recently here in the US, there are significant business risks from unethical, greedy people. How are these prevented? Dan Fink -Original Message- Sent: Tuesday, November 26, 2002 4:05 PM To: Multiple recipients of list ORACLE-L Dear list, Let me toss a hypothetical situation at you. Say some auditors looked at some of your primary systems, and concluded that they had no assurance that someone with admin access to the server had not changed financial information to benefit themselves, or to falsify financial records for the gain of the company. Not that they might have any proof that something like that had been done, but rather, just not proof that it had *not* been done. I've been pondering this for a bit, and it seems to me that if someone had good knowledge of both the OS and the database (Oracle), as well as having admin rights on the server, there are few things you can do to prevent such a person from changing data in the database, and completely covering his or her tracks. The platforms in question are Unix, Windows NT and Windows 2000. I've limited it to those as most database systems use one of those, and besides, that's all I know. :) Consider what steps you might take to audit unauthorized transactions performed by an admin. Oracle Auditing could be used, but someone with admin access to the server and database could easily alter the records created by system auditing. You could create an audit table, using a trigger to audit sensitive tables. A materialized view on a remote database could be created on sensitive tables to remotely log all actions. In the case of the audit table, that could easily be disabled, and then re-enabled after the nefarious DML had completed. The materialized views might be more
Re: IOUG 2003
Arup, thanks. I'm just trying to plan.. and give my boss info for budgets! Rachel --- Arup Nanda [EMAIL PROTECTED] wrote: Rachel, I inquired the same with IOUG Conference Committee and here is the response from Julie Ferry. START OF MESSAGE - Original Message - To: '[EMAIL PROTECTED]' Sent: Tuesday, November 05, 2002 2:26 PM Hi Arup, Speaker notifications will be send out the second week of December. All speakers that submitted an abstract for Live! will receive a message regardless of whether or not they were accepted. Thanks. Julie END OF MESSAGE Hope this helps. Arup - Original Message - To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED] Sent: Wednesday, November 27, 2002 10:03 AM Okay, so I'm trying to get costs for conferences etc so my boss can budget for them. I go to the IOUG site and look at costs for the 2003 conference. I see register online so I click on it. They have it set up for speaker registration already, and ask for the email confirmation code you received. Has anyone on this list, who submitted an abstract, actually RECEIVED a response? Either acceptance or rejection? I haven't. How can you set something up to allow people to register if they don't know which way to register? Sheesh. I can't even register for the University Session I want because I don't know what status I should use when registering. Rachel __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Arup Nanda INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: IOUG 2003
I did. Wasn't the renewal $75 last year, or am I dating myself? If so, a 67% increase is pretty substantial to me. Brian -Original Message- Walt Sent: Wednesday, November 27, 2002 9:54 AM To: Multiple recipients of list ORACLE-L Speaking of IOUG, did anyone else get a membership renewal email recently? Seems to me the annual dues have gone up significantly this year. --Walt Weaver Bozeman, Montana -Original Message- Sent: Wednesday, November 27, 2002 8:04 AM To: Multiple recipients of list ORACLE-L Okay, so I'm trying to get costs for conferences etc so my boss can budget for them. I go to the IOUG site and look at costs for the 2003 conference. I see register online so I click on it. They have it set up for speaker registration already, and ask for the email confirmation code you received. Has anyone on this list, who submitted an abstract, actually RECEIVED a response? Either acceptance or rejection? I haven't. How can you set something up to allow people to register if they don't know which way to register? Sheesh. I can't even register for the University Session I want because I don't know what status I should use when registering. Rachel __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Weaver, Walt INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Brian McGraw INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: IOUG 2003
yeah and I can't sign up for your session until I know how I'm signing up. Okay, I'll try to be patient a little while longer. I'm not good at patience --- Fink, Dan [EMAIL PROTECTED] wrote: I have heard about my university session, but not the regular sessions. They are scheduled to publish a schedule fairly soon, so we should be finding out shortly...I hope! -Original Message- Sent: Wednesday, November 27, 2002 8:04 AM To: Multiple recipients of list ORACLE-L Okay, so I'm trying to get costs for conferences etc so my boss can budget for them. I go to the IOUG site and look at costs for the 2003 conference. I see register online so I click on it. They have it set up for speaker registration already, and ask for the email confirmation code you received. Has anyone on this list, who submitted an abstract, actually RECEIVED a response? Either acceptance or rejection? I haven't. How can you set something up to allow people to register if they don't know which way to register? Sheesh. I can't even register for the University Session I want because I don't know what status I should use when registering. Rachel __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Fink, Dan INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Oracle OS level security
NRC audits, boy those sure are fun to be on the receiving end of. Nothing like getting comfy on the couch and reading 10CFR for pleasure. -Original Message- Sent: Wednesday, November 27, 2002 10:56 AM To: Multiple recipients of list ORACLE-L Jared - I would be very careful about naming specific tools. Having been an NRC auditor and been audited a lot of times, there is sometimes too much specific information, which will leave the auditor with the impression there is no security at all. They will then feel obligated to flunk your system/process/site, or at least give you a ton or corrective action items. If you feel heavily obligated, you might allude to the fact that an expert could access the Oracle data at the O.S. level if they were very determined and leave it at that. I'm sure there are some O.S. tools that can accomplish what BBED can, if not as conveniently. Dennis Williams DBA Lifetouch, Inc. [EMAIL PROTECTED] -Original Message- Sent: Wednesday, November 27, 2002 8:09 AM To: Multiple recipients of list ORACLE-L Hadn't even considered BBED, and I have no idea what their take is on it. Guess I'll have to ask. Jared On Tuesday 26 November 2002 16:09, K Gopalakrishnan wrote: Jared: Any one with a reasonable knowledge of Oracle Data Storage Internals can use the Data block Editor (BBED) to update anything in your database without the knowledge of the RDBMS kernel auditing mechanisms. Agreed,BBED is protected by a password in Windoze ports and one need to explicitly make the executable in Unix ports. But the point here is the hacker can do anything using the BBEd and this can be done even while your database is up and running !! What is their take on this kind of attack(!)s? Best Regards, K Gopalakrishnan -Original Message- [EMAIL PROTECTED] Sent: Tuesday, November 26, 2002 3:05 PM To: Multiple recipients of list ORACLE-L Dear list, Let me toss a hypothetical situation at you. Say some auditors looked at some of your primary systems, and concluded that they had no assurance that someone with admin access to the server had not changed financial information to benefit themselves, or to falsify financial records for the gain of the company. Not that they might have any proof that something like that had been done, but rather, just not proof that it had *not* been done. I've been pondering this for a bit, and it seems to me that if someone had good knowledge of both the OS and the database (Oracle), as well as having admin rights on the server, there are few things you can do to prevent such a person from changing data in the database, and completely covering his or her tracks. The platforms in question are Unix, Windows NT and Windows 2000. I've limited it to those as most database systems use one of those, and besides, that's all I know. :) Consider what steps you might take to audit unauthorized transactions performed by an admin. Oracle Auditing could be used, but someone with admin access to the server and database could easily alter the records created by system auditing. You could create an audit table, using a trigger to audit sensitive tables. A materialized view on a remote database could be created on sensitive tables to remotely log all actions. In the case of the audit table, that could easily be disabled, and then re-enabled after the nefarious DML had completed. The materialized views might be more difficult to circumvent. If the remote end is using a dblink to the server employing a password that is *different* than that of it's own account at the remote server, it should be impossible for someone to completely cover the traces of transactions created to falsify data. The MV Logs could be dropped, but without access to the MV's at the remote server, the MV's would have to be left in place. These could be used as a reference to look for unauthorized transactions in the primary server. If this same admin has access to the remote server where the MV's are, then this can also be circumvented. There is also the logs created as when logging in as internal or sysdba. ( $ORACLE_HOME/rdms/audit/*.aud ) These can simply be deleted. Some system could be used to save these to a remote server, but it would have to run *very* frequently to be effective. Oracle password files could also be used. While this can prevent someone from logging in as SYS or SYSTEM while in place, all it takes is a change to init.ora, and a database bounce to fix that. Make your bogus data changes, change the init.ora back and bounce the database again. A somewhat clever person could set this up to automatically take place the next time the DB is bounced. The conclusion I have come to is that the only effective method that could be used to create an audit trail for such a scenario is to create Materialized Views on sensitive tables, and create them on a server that admins are
RE: Oracle OS level security
Just a thought. How about also encrypt the sensitive data. And the one who holds the key to decrypt it doesn't have access to the system. And the one does have access doesn't know the key to decrypt. The two will have to work together to do un-authorized things, but at least it will make it harder. Don't introduce them, ever. :) Richard Ji -Original Message- Sent: Wednesday, November 27, 2002 11:20 AM To: Multiple recipients of list ORACLE-L Let's face it. The SA's have all the privs in the world. Finally, with 9i, and connect internal going away, we can prevent unauthorized connections to the database to prevent data snooping. But we all know that there are ways around everything in this world. It comes down to this simple point: The organization has to trust someone with the keys to the treasury. It is unavoidable. Tom Mercadante Oracle Certified Professional -Original Message- Sent: Wednesday, November 27, 2002 9:59 AM To: Multiple recipients of list ORACLE-L True, and the question suggests the DBA can be properly vetted while the system administator cannot. I suppose one could try somne type of two-man control. Jared and his system administrator each know a different half of the root and sysdba passwordJust how this could be setup is beyond my ken. Responses to database emergencies would be interesting. If one could implement a system which would fully protect the database from system administrators, one would also need to weigh the costs of that protection against the perceived gain. Ian MacGregor Stanford Linear Accelerator Center [EMAIL PROTECTED] -Original Message- Sent: Wednesday, November 27, 2002 5:14 AM To: Multiple recipients of list ORACLE-L Jared, Nice question. I don't have an answer, but a comment. It all comes down to Risk Management. In my opinion, Risk Management entails identifying all known risks to losing or changing data in an authorized manner. Once the risks are identified and explained to the organization, they decide what needs to be dealt with and what they are willing to risk based on the probability of the event actually happening. In your example, you've identified the risk of allowing other people admin access on the database server machine. If management is unwilling to revoke these privs, then they need to understand the risk that they have accepted. The risk they've accepted is that someone could, thru the use of stolen passwords, the BBED editor, or simply deleting a database file, cause a disruption, loss of service or loss of data to the organization. And there is not much you (as the DBA) can do about it. I'm sure I'm preaching to the choir here. But a lot of what we (DBA's) do comes down to communication and education of management, and explaining things in terms that they can understand. Hope this helps. Tom Mercadante Oracle Certified Professional -Original Message- Sent: Tuesday, November 26, 2002 6:05 PM To: Multiple recipients of list ORACLE-L Dear list, Let me toss a hypothetical situation at you. Say some auditors looked at some of your primary systems, and concluded that they had no assurance that someone with admin access to the server had not changed financial information to benefit themselves, or to falsify financial records for the gain of the company. Not that they might have any proof that something like that had been done, but rather, just not proof that it had *not* been done. I've been pondering this for a bit, and it seems to me that if someone had good knowledge of both the OS and the database (Oracle), as well as having admin rights on the server, there are few things you can do to prevent such a person from changing data in the database, and completely covering his or her tracks. The platforms in question are Unix, Windows NT and Windows 2000. I've limited it to those as most database systems use one of those, and besides, that's all I know. :) Consider what steps you might take to audit unauthorized transactions performed by an admin. Oracle Auditing could be used, but someone with admin access to the server and database could easily alter the records created by system auditing. You could create an audit table, using a trigger to audit sensitive tables. A materialized view on a remote database could be created on sensitive tables to remotely log all actions. In the case of the audit table, that could easily be disabled, and then re-enabled after the nefarious DML had completed. The materialized views might be more difficult to circumvent. If the remote end is using a dblink to the server employing a password that is *different* than that of it's own account at the remote server, it should be impossible for someone to completely cover the traces of transactions created to falsify data. The MV Logs could be dropped, but without access to the MV's at the remote server, the MV's would have to be left in place. These could be used
Is Oracle Text PATH_SECTION_GROUP incompatible with highlighting?
The Oracle Text Reference for 9iR2 says that the INPATH
operator (that isonly available for PATH_SECTION_GROUPs) does not work
with highlighting - and when you try it out, you get an error message - FAIR
ENOUGH. The manual does however not say whether highlighting is compatible with
PATH_SECTION_GROUP when using the WITHIN operator. When you try it out it does
NOT give an error message. But it seems to give the wrong result (which is worse
than giving an error message). Are highlighting and PATH_SECTION_GROUP
incompatiable regardless of operator (or is it a bug)??
Example is given below. Any help is appreciated.
Regards,
Michael Garfield Sørensen, CeDeT
Example (Oracle9iR2 9.0.2.1 EE on
Windows2000Professional SP3 (DK)):
SQL connect
system/***Forbindelsen er oprettet.SQL grant ctxapp to
scott;
Adgang er givet (Grant).
SQL connect scott/*Forbindelsen
er oprettet.SQL CREATE TABLE my_content( 2
normid VARCHAR2(255) NOT NULL, 3 content CLOB
NOT NULL, 4 CONSTRAINT my_content_pk PRIMARY
KEY(normid)) 5 LOB(content) STORE AS (CACHE);
Tabel er oprettet.
SQL SQL BEGIN
2
ctx_ddl.create_section_group('my_content_sg','PATH_SECTION_GROUP');
3 -- 4 END; 5 /
PL/SQL-procedure er udført.
SQL SQL CREATE INDEX
my_content_ix ON my_content(content) 2 INDEXTYPE IS
ctxsys.context 3 PARAMETERS('SECTION GROUP
my_content_sg');
Indeks er oprettet.
SQL SQL INSERT INTO
my_content(normid,content) 2 VALUES('d1','BOOK TITLE="Tale
of Two Cities" 3 AUTHORSAUTHOR NAME="Charles
Dickens"Born in England in the townStratford Upon
Avon/AUTHOR/AUTHORS 4 TEXTIt was the
best of times. 5 ... 6
/TEXT/BOOK');
1 række er oprettet.
SQL SQL BEGIN
2 ctx_ddl.sync_index('scott.my_content_ix'); 3
END; 4 /
PL/SQL-procedure er udført.
SQL SQL ANALYZE TABLE
my_content COMPUTE STATISTICS;
Tabel er analyseret.
SQL SQL COLUMN normid FORMAT
a20SQL PROMPT INPATH worksINPATH worksSQL SELECT /*+
FIRST_ROWS */ normid,SCORE(1) FROM my_content 2 WHERE
CONTAINS(content,'Stratford INPATH(BOOK)',1)0 3 ORDER
BY SCORE(1) DESC;
NORMID
SCORE(1)
--d1
3
SQL PROMPT WITHIN worksWITHIN
worksSQL SELECT /*+ FIRST_ROWS */ normid,SCORE(1) FROM
my_content 2 WHERE CONTAINS(content,'Stratford WITHIN
BOOK',1)0 3 ORDER BY SCORE(1) DESC;
NORMID
SCORE(1)
--
d1
3
SQL SQL SET SERVEROUTPUT ON
SIZE 100;SQL PROMPT INPATH with highlighting does not
work!INPATH with highlighting does not work!SQL DECLARE
2 h_tab ctx_doc.highlight_tab; 3
BEGIN 4
ctx_doc.highlight('MY_CONTENT_IX','d1','Stratford
INPATH(BOOK)',h_tab,FALSE); 5
DBMS_OUTPUT.PUT_LINE(h_tab.COUNT); 6 FOR i IN
1..h_tab.COUNT LOOP 7
DBMS_OUTPUT.PUT_LINE('Highlight('||i||'):Offset='||h_tab(i).offset||',Length='||h_tab(i).length);
8 END LOOP; 9 END;10
/DECLARE*FEJL i linie 1:ORA-2: Oracle Text-fejl:
ORA-06512: ved "CTXSYS.DRUE", linje 157 ORA-06512: ved "CTXSYS.CTX_DOC",
linje 914 ORA-06512: ved linje 4
SQL SQL PROMPT WITHIN with highlighting seems to be supposed
to work - butdoes it?WITHIN with highlighting seems to be supposed to
work - but does it?SQL DECLARE 2 h_tab
ctx_doc.highlight_tab; 3 BEGIN 4
ctx_doc.highlight('MY_CONTENT_IX','d1','Stratford WITHIN
BOOK',h_tab,FALSE); 5 DBMS_OUTPUT.PUT_LINE('This
should be 1, but it is:'); 6
DBMS_OUTPUT.PUT_LINE('');
7 DBMS_OUTPUT.PUT_LINE(h_tab.COUNT);
8
DBMS_OUTPUT.PUT_LINE('');
9 FOR i IN 1..h_tab.COUNT
LOOP10
DBMS_OUTPUT.PUT_LINE('Highlight('||i||'):Offset='||h_tab(i).offset||',Length='||h_tab(i).length);11
END LOOP;12 END;13 /This should be 1, but it
is:
0
PL/SQL-procedure er udført.
Re:The future DBAs?
where were you when I needed you? You left NY is where. We have been using data modelers here. Of course, we've gone through 3 completely different versions of the model, from a generic one to a hybrid to a relational one. I think we're done for the moment. :) Rachel --- Martin Bonner [EMAIL PROTECTED] wrote: I'm a data modeler at heart... that's about 90% of what the military used me for. Unfortunately, it seems that, at least in this area, when the economy turns sour, the designers are the first to go. In my last interview, I was told that they didn't really have enough work for a full time DBA yet, so the position would also likely be used as a sysad, a network engineer, a junior programmer, etc... I suppose data modelers are dead for the moment. Please contradict me. Please Marty At 02:19 PM 11/26/2002 -0800, you wrote: Personally, I like Data Architecture. And data modeling. I never could get enough of that. The hard part is explaining to people that don't quite understand the concept. Dave Hay rules! http://www.amazon.com/exec/obidos/tg/detail/-/0932633293 Being the sole DBA for the company, I don't get nearly enough opportunities for this anymore, and don't have the time for much of it anyway. Jared [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 11/26/2002 10:04 AM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED] cc: Subject:Re:The future DBAs? Well, I give MicroSlop pretty poor grades for predicting the future and Monster.com is absolutely useless (naw make that less than) at job stuff in general. I will agree with the person who wrote the article on one point. The job of being a DBA is changing and we all need to remain flexible to remain useful in the marketplace. That in some cases means spreading our wings from the historical role of DBA. We may need to become part time (or full time) data architects, reporting tool experts, etc... But in the end, I don't see us degrading to the level of an order entry clerk nor order entry clerks upgrading to DBA's. As usual the MicroSlop propaganda machine is at work again. Dick Goulet Reply Separator Author: Arup Nanda [EMAIL PROTECTED] Date: 11/25/2002 5:48 PM Fellow DBAs and other DBA wannabes, Ever wondered the best path into a DBA career? Microsoft offers a brilliant way. MSN Careers at http://editorial.careers.msn.com/articles/nofuture/ suggests some jobs are effectively dead, like farmers and sewing machine operators and how the experts in that field can progress to the next logical career move. Guess which profession's logical career move is database administrator? See the excerpt from the webpage here in the attachment as a picture. I just couldn't resist posting it here. May be they are referring to SQL Server DBAs? Arup Nanda _ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Marty All of life's big problems include the words 'indictment' or 'inoperable.' Everything else is small stuff. - -Alton Brown, host, 'Good Eats' __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: IOUG 2003
Queen? Is that a promotion or demotion? :) One does not usually TEST something by releasing it to the public. Unless one is MS and in earlier versions, Oracle. :) --- Karniotis, Stephen [EMAIL PROTECTED] wrote: Ah. The Queen is ranting again. Confirmations have not been sent out by the IOUG as of yet. Should be sometime within the next week or so. The setup for the speakers is to have us test the registration and to have it ready when the confirmations go out. I would assume that registration will be comparable to last year. Thank You Stephen P. Karniotis Product Architect Compuware Corporation Direct: (248) 865-4350 Mobile: (248) 408-2918 Email:[EMAIL PROTECTED] Web: www.compuware.com -Original Message- Sent: Wednesday, November 27, 2002 10:04 AM To: Multiple recipients of list ORACLE-L Subject: IOUG 2003 Okay, so I'm trying to get costs for conferences etc so my boss can budget for them. I go to the IOUG site and look at costs for the 2003 conference. I see register online so I click on it. They have it set up for speaker registration already, and ask for the email confirmation code you received. Has anyone on this list, who submitted an abstract, actually RECEIVED a response? Either acceptance or rejection? I haven't. How can you set something up to allow people to register if they don't know which way to register? Sheesh. I can't even register for the University Session I want because I don't know what status I should use when registering. Rachel __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). The contents of this e-mail are intended for the named addressee only. It contains information that may be confidential. Unless you are the named addressee or an authorized designee, you may not copy or use it, or disclose it to anyone else. If you received it in error please notify us immediately and then destroy it. -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Karniotis, Stephen INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: redo log file setup with mirrored drives
I script and test as well. But sometimes you can't think of every possible problem. My point wasn't to have a contest of who had worse problems or who had a problem that the other didn't. merely that sometimes hardware mirroring is not the be-all/end-all solution. We all could swap war stories for hours. But I need a beer before I start that, that's thirsty work :) --- Stephen Lee [EMAIL PROTECTED] wrote: -Original Message- have you NEVER accidentally, at 3AM, after having been woken from a sound sleep to a crisis that needs to be fixed RIGHT NOW, made a typo? Actually no. But we usually script our actions and test the scripts prior to doing anything in production. As a sys admin, I've restored enough casualties of the rm -rf * command to be rather careful about it myself. Um, I have. I was wondering if anyone had. But I could turn this around too and give an example of when duplexing the redos failed to save me. One so-called patch that Compaq released for Tru64 actually caused disk writes to be unreliable (OH MY GOD!!). And we wound up with a G.D. mess in spite of the redos being duplexed all nice and official. -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Stephen Lee INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: IOUG 2003
I remember it being $75 too. --Walt -Original Message- Sent: Wednesday, November 27, 2002 11:34 AM To: Multiple recipients of list ORACLE-L I did. Wasn't the renewal $75 last year, or am I dating myself? If so, a 67% increase is pretty substantial to me. Brian -Original Message- Walt Sent: Wednesday, November 27, 2002 9:54 AM To: Multiple recipients of list ORACLE-L Speaking of IOUG, did anyone else get a membership renewal email recently? Seems to me the annual dues have gone up significantly this year. --Walt Weaver Bozeman, Montana -Original Message- Sent: Wednesday, November 27, 2002 8:04 AM To: Multiple recipients of list ORACLE-L Okay, so I'm trying to get costs for conferences etc so my boss can budget for them. I go to the IOUG site and look at costs for the 2003 conference. I see register online so I click on it. They have it set up for speaker registration already, and ask for the email confirmation code you received. Has anyone on this list, who submitted an abstract, actually RECEIVED a response? Either acceptance or rejection? I haven't. How can you set something up to allow people to register if they don't know which way to register? Sheesh. I can't even register for the University Session I want because I don't know what status I should use when registering. Rachel __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Weaver, Walt INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Brian McGraw INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Weaver, Walt INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
calling Oracle stored procedures from ASP/ADO
Does anyone have a good example of this? We have a developer here that has been unable to figure out how to do this properly. Numerous examples from support.microsoft.com are apparently no help. A particular problem seems to be declaring the args properly, as he consistently gets and 'invalid type on parameter' error from ODBC. Thanks, Jared -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: is it possible ?
On earlier (Unix) versions the SID was used to hash a value for the shared memory segment identifier. If this still is the case then what you are asking is _NOT_ possible. V7 even had a length of SID restriction...but that is long gone. There were even cases of 2 different SID's hashing to the same ident and causing problemsbut I haven't heard of that one in a long time. HTH Jeff Herrick On Wed, 27 Nov 2002, Stephen Lee wrote: -Original Message- Is it possible For 2 Databases to be Brought up on the SAME machine with the SAME ORACLE_SID from Different ORACLE_HOMEs ? If so , how ? It would seem so. Listener setup might be a bit dicey. I might have to try this. It seems that as long as you had separate environments, it should work ... we're talking Unix here right? -- -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Jeff Herrick INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: LGWR using lots of CPU time, low CPU usage
You best be careful, Jared. You KNOW how uptight and evil Tim can be! :) -Original Message- Sent: Wednesday, November 27, 2002 9:56 AM To: Multiple recipients of list ORACLE-L Oh boy, is my face red! I remembered that of course, as soon as I saw this. I need to keep better track of who I'm plagierizing. :) Jared Cary Millsap [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 11/26/2002 03:05 PM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED] cc: Subject:RE: LGWR using lots of CPU time, low CPU usage The ultimate sincerest form of flattery is for someone to attribute something smart to you that you wish you had done but, alas, did not actually do. (It was Tim Gorman who posted the excellent analogy.) Cary Millsap Hotsos Enterprises, Ltd. http://www.hotsos.com Upcoming events: - Hotsos Clinic, Dec 9-11 Honolulu - Hotsos Clinic 101, Jan 7-9 Knoxville - Steve Adams's Miracle Master Class, Jan 13-15 Copenhagen - 2003 Hotsos Symposium, Feb 9-12 Dallas -Original Message- [EMAIL PROTECTED] Sent: Tuesday, November 26, 2002 4:07 PM To: Multiple recipients of list ORACLE-L And old school is still right about not putting RedoLogs onto RAID5. From what I'm being told, this is not your father's RAID5. This is what they tell me: The CPU hands the IO to the disk controller and rather than do the physical disk IO while the process waits, the disk controller caches it to local memory and says done. Therefore, effectively there is no wait for IO and it doesn't matter if we are RAID 5 or RAID 0+1, the system is NOT waiting for the IO. He said the only time there might be a delay is during the cache's battery refresh times. I checked your dates and it was not occurring during those times. Also, if you look at the iostat statistics under the 'wait' and '%w' headers you will see all zeros. Debi, That is true, up to a point. Think of the cache as a water tank. You have a garden hose filling up the tank. You can keep increasing the water pressure for a while. But the outlet at the other end of the tank has a fixed capacity. It flows 10 GPM, and no more. What happens when you increase the flow at the intake to 20 GPM? The tank fills up. When the tank fills up, your intake flow will need to decrease, because you can only flow 10 GPM at the outlet. Now, think of the outlet as writing to disk, the RAID5 cache is the water tank, and your database is the inlet that wants to run at 20 GPM. If your database activity will never be intensive enough to stress the cache like this, no problem. But 'never' is a very long time. If any of this sound familiar, Cary Millsap posted a very similar explanation a few weeks ago. Plagierism is the sincerest form of flattery. :) Jared -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Cary Millsap INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Fink, Dan INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list
RE: IOUG 2003
Rachel and everyone, As a follow-up, speaker notifications have not gone out yet for IOUG Live! 2003. They are scheduled to email the week of December 9. If you submitted an abstract, IOUG suggests that you wait until mid-December to register for the conference. At that time, you'll know the status of your submission. The early-bird rates will still apply at that time. If you have further questions, please call HQ at 312-245-1579 and they will be happy to assist you. Thanks and Happy Thanksgiving! -Ari Kaplan -Original Message- To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED] Sent: Wednesday, November 27, 2002 10:03 AM Okay, so I'm trying to get costs for conferences etc so my boss can budget for them. I go to the IOUG site and look at costs for the 2003 conference. I see register online so I click on it. They have it set up for speaker registration already, and ask for the email confirmation code you received. Has anyone on this list, who submitted an abstract, actually RECEIVED a response? Either acceptance or rejection? I haven't. How can you set something up to allow people to register if they don't know which way to register? Sheesh. I can't even register for the University Session I want because I don't know what status I should use when registering. Rachel __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Ari Kaplan INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
patches
Title: Pro*C for Oracle 817 on Win2000? I am wondering how your sites handle patching production servers. I just did a search in MetaLink, since 8174 was released there have been 48 patches (if I just select RDBMS). If I select other items in my search,I get upwards of 70 additional bug fixes. How do high reliability sites handle patching? I assume they would rather fix potential problems (testing the patches on a testbed of course) rather than just apply bug fixes as problems are encountered on production servers. regards, Patrice Boivin Systems Analyst (Oracle Certified DBA)
RE: Oracle OS level security
Excellent point. I always say, I know enough NOT to be dangerous. Funny, two comments that are syntactically opposite, really mean the same thing. -Original Message- Sent: Wednesday, November 27, 2002 11:45 AM To: Multiple recipients of list ORACLE-L You may just possibly be the only other DBA besides me who does NOT want root access! I know just enough to be dangerous. I have more than enough work to do without taking over the SA's job as well. theoretical point 2: yes, you should trust your DBAs and SAs. But if you, for whatever reason, have to have a temporary person in, someone you don't know, who leaves and is not reachable/accountable, then it behooves you to put some sort of controls in place. perhaps just logging each session so that what is done can be seen, without making it so onerous that people try to circumvent the rules. We have a hosting company here for our staging and production servers. I have an account on both servers. They have not, as yet, changed the database passwords (we're in the process of going live and they haven't set up a read-only account for me). I *could* go in and fix the problems. That would be the fast way, and the users certainly would appreciate it. I follow the rules. Submit change requests, with scripts attached. It's safer all around. --- Fink, Dan [EMAIL PROTECTED] wrote: Jared, I realize the following is not really an answer, but it may provide a little food for thought. Practical: 1. Log miner or other log reading tool could be used to track changes made through the transaction layer. Some operations can be done with nologging, but not all and the undo is logged regardless. Yes, it would be complicated and messy. 2. If you don't trust the SAs and DBAs for the systems, they need to be replaced. You are absolutely correct that if a person has the knowledge and motive, almost anything is possible. This is shown time and time again by corporate embezzlement. 3. As a DBA, I never want to know root's password. If I need SA type commands, either use sudo on unix (not sure if there is an equivalent on NT/2K) or provide exact information to the SA. I work on maintaining a good relationship with the SAs so we each respect each other's 'turf' and don't try to do things we are not qualified to do. 4. Changing passwords frequently, especially system generated ones, leads to people writing them down or otherwise storing them somewhere they can be accessed. I wonder how many of us have 1 password (with minor variations) for the overwhelming majority of our systems/logins. 5. Don't make security so onerous and inconvenient that people are constantly looking for ways around it just so that they can do their job. This encourages the creation of security holes and a general disregard for the processes and procedures. 6. If you create a server no admins have access to, how would it be set up and maintained? Theoretical The only truly secure system is the one that is never turned on. Once power is applied and the system is started, it can be compromised. An SA can su - oracle and login as sysdba, a DBA can spoof a user, a developer could insert malicious code. I think that the issue is to create and abide by standards and processes, hire trustworthy personnel and treat them right. As has been shown recently here in the US, there are significant business risks from unethical, greedy people. How are these prevented? Dan Fink -Original Message- Sent: Tuesday, November 26, 2002 4:05 PM To: Multiple recipients of list ORACLE-L Dear list, Let me toss a hypothetical situation at you. Say some auditors looked at some of your primary systems, and concluded that they had no assurance that someone with admin access to the server had not changed financial information to benefit themselves, or to falsify financial records for the gain of the company. Not that they might have any proof that something like that had been done, but rather, just not proof that it had *not* been done. I've been pondering this for a bit, and it seems to me that if someone had good knowledge of both the OS and the database (Oracle), as well as having admin rights on the server, there are few things you can do to prevent such a person from changing data in the database, and completely covering his or her tracks. The platforms in question are Unix, Windows NT and Windows 2000. I've limited it to those as most database systems use one of those, and besides, that's all I know. :) Consider what steps you might take to audit unauthorized transactions performed by an admin. Oracle Auditing could be used, but someone with admin access to the server and database could easily alter the records created by system auditing. You could create an audit table, using a trigger to audit sensitive tables. A materialized
RE: is it possible ?
It's possible on Unix I think. But there are so many things you need to consider. o You won't able to use your oratab file and therefore all the scripts Oracle supplied, dbhome, oraenv, dbshut, dbstart etc. o You might need to use two listeners. But why would you want to do this? Are you trying to produce a test environment on your prod or development server? Or you merely want to try things? Is there any reason you don't want to change the SID? Seems to me, it not worth the trouble to do it, and it might cause you many troubles if you do it. Regards, Richard Ji -Original Message- Sent: Wednesday, November 27, 2002 10:54 AM To: Multiple recipients of list ORACLE-L Is it possible For 2 Databases to be Brought up on the SAME machine with the SAME ORACLE_SID from Different ORACLE_HOMEs ? If so , how ? Thanks -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: VIVEK_SHARMA INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Richard Ji INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
