March 2002

The Specialist
Database News You Can Use

March 2002
A monthly newsletter for Oracle users
from Database Specialists, a consulting firm
specializing in Oracle technology

In this issue:

Identifying Vulnerabilities in Oracle 9iAS

With all the talk about Oracle 9i being “unbreakable,” the DBAs at Database Specialists have found a must-read white paper on the subject. “Hackproofing Oracle Application Server: A Guide to Securing Oracle 9” was written by David Litchfield and published in January by Next Generation Security Software Ltd. This white paper will show you how to test your site for known vulnerabilities and what you can do to make your site more secure. The information contained in this article is quite valuable. You can download it from

Roger Schrag to Lead IOUG University Seminar

The International Oracle Users Group Conference IOUG Live! will be held in San Diego next month (April 14-18, 2002). Once again, we are proud to play a part in this conference. Database Specialists’ president Roger Schrag will lead a full day IOUG University seminar for beginner DBAs and developers entitled, “A Crash Course in Oracle Database Technology and Best Practices.” This seminar will provide attendees with Oracle fundamentals, best practices and the basics of how to install and configure Oracle in such a way that the database will offer optimum performance, reliability, and scalability. Roger will also lead a conference session on performance tuning called “Interpreting Wait Events to Boost System Performance.” Learn more about the IOUG Live! conference at

High Availability in Oracle 9i: A New White Paper

Don’t miss the newest addition to the library of helpful resources on the Database Specialists website, “Don’t Shut Down That Database. Use Oracle 9i Online Object Redefinition Instead” by Chris Lawson and Roger Schrag.

These experts on high availability explain how to use the “online object redefinition” feature of Oracle 9i to deploy schema changes in production while users are accessing and updating data. The authors discuss the dbms_redefinition package provided in Oracle 9i, and how you use this package to reorganize or redefine tables without downtime. You’ll learn about some of the finer points of online object redefinition like interim tables, preserving integrity constraints and rolling back if an error occurs midway. Chris and Roger walk through examples of how dbms_redefinition can be used to deploy schema changes without jeopardizing data availability. See for yourself at
Oracle Security White Paper Available for Download

PenTest Limited, an independent security consulting firm located in the United Kingdom, has posted some valuable resources for Oracle DBAs on their website at The paper entitled “Exploiting and Protecting Oracle” is one of the more thorough papers on security that we have seen. Although experienced DBAs will likely already be familiar with most of the recommendations made in this paper, the extensive survey of security issues in the Oracle database makes this paper a worthwhile read for every Oracle DBA.

The Results Now In

We are excited to share the news that Database Specialists’ president, Roger Schrag, has been elected to the position of Vice President of the Northern California Oracle Users Group (NoCOUG) for 2002. NoCOUG is an independent, volunteer organization dedicated to the education and representation of the users of Oracle Corporation’s database and tools software. During his term, Roger plans to focus on improving the group’s educational value to its members. Learn more about NoCOUG at

One thought on “March 2002

  1. construct, but SQL*Plus as an option you had to pay for? That was news to me and I’ve been using Oracle since the days when you enetred your SQL commands using the “User Friendly Interface (UFI)”. I also remember talk back then of Oracle developing a procedural interface (the widely anticipated “Super-UFI”) which eventually arrived as PL/SQL. I always thought that SQL*Plus was just a renaming of UFI, just as the “Interactive Application Facility (IAF)” became SQL*Forms. We really had to pay extra for SQL*Plus?

Leave a Reply

Your email address will not be published. Required fields are marked *