Best Practices in Implementing Oracle Database Security ProductsEstuate, Inc.
Information is the world’s new currency. Databases are the digital banks that store and retrieve valuable information. The growing number of high-profile incidents in which customer records, confidential information and intellectual property are leaked, lost or stolen has created an explosive demand for solutions that protect against the deliberate or inadvertent release of sensitive information.Oracle is the global leader in relational database technology, and has built a rich set of database security products and database features within its product portfolio.
[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...Insight Technology, Inc.
[db tech showcase Tokyo 2018] #dbts2018 #B31
『1,2,3 and Done! 3 easy ways to migrate to the cloud!』
Data Intensity - Director of Innovation Francisco Munoz Alvarez 氏
Oracle Database Vault has been on the market for a few years now. The product has been constantly improved over the years. But where is it worthwhile to use it? Which security measures can be implemented with it? And from whom does DB Vault protect me at all? In this presentation, the technical possibilities of Database Vault 19c / 21c will be explained in addition to the experiences from two customer projects. We will try to show where the use of Database Vault is worthwhile under certain circumstances and under which conditions it is not. This also includes whether protection against snakes and thieves is ensured. PS: I asked my children what kind of presentation I should submit.The answers were snakes, thieves and cheetahs…
What does a simple approach to extensibility look like? What does it mean to make adminsitration of cloud applications easy to use for a company? See a demo of the latest release of Oracle Applications Cloud extensibility for a view into extensiblity for the business system analyst. Participate in a conversation about what this means for businesses, both for IT organizations as well as for the line of business buyer.
Security Inside Out: Latest Innovations in Oracle Database 12cTroy Kitch
Oracle Database 12c includes more new security capabilities than any other release in Oracle history! In this presentation you will learn about these capabilities, as well as innovative new solutions to protect Oracle Database instances and non-Oracle databases. Hear how Oracle is responding to customer requirements to stay ahead of the evolving threat and regulatory landscape with new preventive controls that include data redaction and a new unified platform that provides database traffic monitoring and enterprise wide auditing.
I/O Microbenchmarking with Oracle in MindBob Sneed
This presentation I gave at the 2006 Hotsos Symposium discusses a passion of mine; micro-benchmarking things that are actually relevant to one's mission! All-too-often, I've seen people obsess over results from ad-hoc testing that seem to indicate that they have a problem - when in fact, their test bear no real resemblance to the demands of their actual workloads! The principles discussed here are also important outside the realm of Oracle.
Similar to Databse & Technology 2 _ Francisco Munoz Alvarez _ Oracle Security Tips - Some easyways to make your DB more secure.pdf (20)
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
3. Mature
Born
here
Grow
up
Got
Married
Here
Now
Living
here
here
here
DBIS - Copyright 2010 3
4. The
Rule:
“The
most
important
rule
with
respect
to
data
is
to
never
put
yourself
into
an
unrecoverable
situaKon.”
The
importance
of
this
guideline
cannot
be
stressed
enough,
but
it
does
not
mean
that
you
can
never
use
time
saving
or
performance
enhancing
options.
5. Always Try it Before!
When
it
comes
to
theory,
“NEVER”
believe
anything
you
hear
or
read
unKl
you
have
tried
it
yourself.
5
46. Some
Oracle
Security
Tips
1)
Grant
privileges
only
to
a
user
or
applicaKon
which
requires
the
privilege
to
accomplish
necessary
work.
Excessive
granKng
of
unnecessary
privileges
can
compromise
security.
47. Some
Oracle
Security
Tips
2)No
administraKve
funcKons
are
to
be
performed
by
an
applicaKon.
For
example
create
user,
delete
user,
grant
role,
grant
object
privileges,
etc.
48. Some
Oracle
Security
Tips
3)
Privileges
for
schema
or
database
owner
objects
should
be
granted
via
a
role
and
not
explicitly.
Do
not
use
the
“ALL”
opKon
when
granKng
object
privileges,
instead
specify
the
exact
privilege
needed,
such
as
select,
update,
insert,
delete.
49. Some
Oracle
Security
Tips
4 ) P a s s w o r d
p r o t e c t e d
r o l e s
m a y
b e
implemented
to
allow
an
applicaKon
to
control
access
to
its
data.
Thereby,
end
users
may
not
access
the
applicaKon’s
data
from
outside
the
applicaKon.
50. Some
Oracle
Security
Tips
5)Access
to
AdministraKve
or
System
user
accounts
should
be
restricted
to
authorized
DBAs.
51. Some
Oracle
Security
Tips
6)
Do
not
grant
system
supplied
database
roles.
These
roles
may
have
administraKve
privileges
and
the
role
privileges
may
change
with
new
releases
of
the
database.
52. Some
Oracle
Security
Tips
7)
Database
catalog
access
should
be
restricted.
Example:
Use
“USER_VIEWS”
instead
of
“DBA_VIEWS”
for
an
Oracle
database.
53. Some
Oracle
Security
Tips
8)
Privileges
granted
to
PUBLIC
are
accessible
to
every
user
and
should
be
granted
only
when
necessary.
54. Some
Oracle
Security
Tips
9)
Any
password
stored
by
applicaKons
in
the
database
should
be
encrypted.
55. Some
Oracle
Security
Tips
10)
ApplicaKons
should
not
“DROP”,
“CREATE”
or
“ALTER”
objects
within
the
applicaKon.
56. Some
Oracle
Security
Tips
11)
UKlize
the
shared
database
infrastructure
to
share
cost
whenever
possible.
57. Some
Oracle
Security
Tips
12)
ApplicaKons
should
not
access
the
database
with
the
same
security
as
the
owner
of
the
database
objects.
For
example
on
SQL
Server
do
not
grant
the
“dbowner”
role
and
on
Oracle
do
not
use
the
Schema
userid
to
connect
to
the
database.
Setup
another
userid
with
the
necessary
privileges
to
run
the
applicaKon.
58. Some
Oracle
Security
Tips
13)
Database
integrity
should
be
enforced
on
the
database
using
foreign
keys
not
in
the
applicaKon
code.
This
helps
prevent
code
outside
the
applicaKon
from
creaKng
orphan
records
and/or
invalid
data.
59. Some
Oracle
Security
Tips
14)
Do
not
hard
code
username
and
passwords
in
the
applicaKon
source
code.
• Sqlplus
/nolog
@myscript
– Create
a
password
file
(.password)
fmunoz
evelyn
scoX
Kger
– Create
a
shell
script
getpwd.sh
fgrep
$1
$HOME/tools/.password
|
cut
–d
“
“
–f2
– Use
the
script
and
the
password
file
Getpwd.sh
fmunoz
|
sqlplus
–s
fmunoz
@script
• RMAN
rman
target
/
connect
catalog
user/pwd@catdb
60. Some
Oracle
Security
Tips
15)
Protect
your
Listener
(Cont.):
– LSNRCTL>
Set
Current
Listener
<ip_address>
– LSNRCTL>
Set
rawmode
on
– LSNRCTL>
Services
– LSNRCTL>
Stop
– LSNRCTL>
Set
startup_waitme
20
– LSNRCTL>
Set
logfile
redo01a
– LSNRCTL>
Set
log_directory
‘/u01/app/oracle/redo’
67. Some
Oracle
Security
Tips
21)
Implement
Audit,
soon
or
later
you
will
be
ask
to
tell
who
changed
that.
Please,
implement
a
purge
strategy.
68. Some
Oracle
Security
Tips
22)
Create
promoKon
procedures
(DEV-‐>TEST-‐
>PROD),
lock
your
producKon
environment
and
test
environment.
Don’t
forget
to
implement
and
document
a
change
register.
69. Some
Oracle
Security
Tips
23)
Implement
an
Indirect
Login
Policy
– Each
user
have
their
own
login
account
– Allow
connecKons
to
oracle
account
(OS)
only
thru
sudo
– This
will
leaves
an
audit
trail
of
acKons
70. Some
Oracle
Security
Tips
24)
Prevent
SYSDBA
connecKon
– Sqlplus
/
as
sysdba
• Change
SQLNET.ORA
SQLNET.AUTHENTICATION_SERVICES=(NONE)
71. Some
Oracle
Security
Tips
25)
Avoid
Risk
ConnecKons
(Ext.
Procedures)
– Listener.ora
• (ADDRESS_LIST
=
(ADDRESS
=
(PROTOCOL
=
IPC)
(KEY
=
EXTPROC))
Remove
this
lines,
or
move
to
a
different
listener
72. Some
Oracle
Security
Tips
26)
Enable
Data
DicKonary
ProtecKon
Oracle
Recommends
that
customers
implement
data
dicKonary
protecKon
to
prevent
users
who
have
the
“ANY”
system
privileges
to
modify
or
harm
the
Oracle
data
dicKonary.
Set
07_DICTIONARY_ACCESSIBILITY
parameter
to
FALSE.
73.
PROGRAM
The Oracle ACE Program is designed to recognize and reward members of the
Oracle Technology and Applications communities for their contributions to those
communities. These individuals are technically proficient (when applicable) and
willingly share their knowledge and experiences.
The program comprises two levels: Oracle ACE and Oracle ACE Director.
The former designation is Oracle's way of saying "thank you" to community
contributors for their efforts; we (and the community) appreciate their
enthusiasm. The latter designation is for community enthusiasts who not only
share their knowledge (usually in extraordinary ways), but also want to increase
their community advocacy and work more proactively with Oracle to find
opportunities for the same. In this sense, Oracle ACE is "backward looking" and
Oracle ACE Director is "forward looking."