Infrastructure at your Service
With Oracle 21c, it is now possible to enforce a password policy (length, number of digits…) for all pluggable databases or for specific pluggable databases via profiles. This is done by creating a mandatory profile in the root CDB and this profile will be attached to corresponding PDBs. The mandatory profile is a generic profile that can only have a single parameter, the PASSWORD_VERIFY_FUNCTION. The password complexity verification function of the mandatory profile is checked…
Starting with Oracle 21c, a password of an application can be changed without having to schedule a downtime. This can be done by using the new profile parameter PASSWORD_ROLLOVER_TIME This will set a rollover period of time where the application can log in using either the old password or the new password. With this enhancement, an administrator does not need any more to take the application down when the application database password is being rotated….
In my previous blog I was testing the creation of a new Oracle 21c database. In this blog I am talking about two changes about the security. In each new release Oracle strengthens security. That’s why since Oracle 12.2, to meet Security Technical Implementation Guides (STIG) compliance, Oracle Database provided the profile ORA_STIG_PROFILE With Oracle 21c the profile ORA_STIG_PROFILE was updated and Oracle has provided a new profile to meet CIS standard : the profile…
Continuing from my first blog we will check some more access and authentication configurations. Focusing on removing unnecessary database privileges. After that we will configure the backend parameters correctly to have more robust PostgreSQL server/client sessions. And at last SSL encryption for these sessions will be configured.
This blog provides you with a short overview of easy to control settings that enhance your PostgreSQL security. Mostly by creating a separate group to assign privileged database members. And checking different logging and log rotations settings for better and more secure logging management.
Do you know the following situation: You are following a step by step tutorial on the web and on your environment does not work as expected because of SELinux. Your looking on search engines command how you can disable the SELinux… Does that sound familiar? On this Blog I will explain what SELinux are, where and how to use is. Let’s start! What is SELinux and why should I not disable it? SE stands for…
The authentication, the first level of security for each IT system, is the stage to verify the user identity through the basic username and password scheme. It is crucial to have a mechanism to protect and secure password storing and transmitting over network. In MySQL, there is plenty of different authentication methods available, and last versions improved the security of this concept.
During my last blog-post I experienced to use Azure backup to protect an on-premise Windows server. To recover data from Azure backup we need to use the Microsoft Azure Recovery Services console (MARS). This service and its management console have been installed during the setup of the Azure backup in the Windows Admin Center. When we open the Microsoft Azure Backup console, we directly visualize the jobs activity for the last 7 days in the…
Have you ever had this unhealthy sensation of being accused of facts that do not concern you? To feel helpless in the face of an accusing mail, which, because of its imperative and accusing tone, has the gift of throwing us the opprobrium? This is the purpose of this particular kind of sextortion mail that uses spoofing, to try to extort money from you. A message from a supposed “hacker” who claims to have hacked…
As I discussed in some of my recent talks at conferences (at the DOAG for example), MySQL 8 came out with new features which bring lots of improvements in terms of security.
