A 3rd party recently conducted a penetration test/vulnerability assessment which included Oracle database servers with an underlying AIX IBM OS. The results of the test showed a number of missing patches on both platforms and recommended the patch management process for this software was looked into.
Our DBA has informed us they only patch at the instruction of the application developers (often external to the organisation), claiming that if they apply patches the application and application DB could be negatively affected. But at the same time, not patching because it could break something also leaves security holes to sensitive data.
So in such cases – where is the middle ground? What should the DBA do to demonstrate they have flagged this issue and are doing all they can to keep software up to date and secure?
There may be no middle ground.
I had a situation where we had a similar audit. The third party software is run and tested with a certain set of database patches. If you deviate from that set of patches,