No system is invulnerable, and Oracle databases are no exception. A flaw that hackers can exploit to break into a system can always be found. Because the Oracle database is one of the most popular, it has become a primary target for hackers. There are many security holes unintentionally introduced by the authors of various applications that need system privileges. It is important that we are aware of this and that we recognize potential security holes, because only in that way can we "patch" them and only then can the system be protected.
In the talk we will look at several of the most common mistakes that make our database vulnerable. We will also review the principles on which a secure system is built. At the end we will look at a practical example of how to get from "create session" privileges to the DBA role.

Hacking and defending Oracle
There are no invulnerable systems, and Oracle databases are no exception. An expert can always find a flaw that a hacker can abuse. As the Oracle database gains popularity, it also gains the interest of hackers. Many security issues are introduced by application developers themselves: they often need system privileges but are not skillful enough to take sufficient precautions. For the safety of your data it is crucial to be aware of these potential flaws and security issues. This is practically the only way to begin avoiding the problems that can follow.
The presentation will show some of the most common mistakes that make our database vulnerable to hackers. Afterwards you will see what precautions you can take to build a safer system.
At the end you will see an example of how to get the DBA role starting from just the create session privilege.

Talk details

Type: Lecture

Difficulty level: Moderately detailed

Preferred audience experience: Experienced (2-3 years)

Preferred audience role:
DBA
System Analyst
Developer

Planned duration: 30 min

417_Oblak_hacking_oracle.pdf 797,35 kB

About the speaker

Hacker invasion and protection of Oracle databases

Boris Oblak

Abakus plus d.o.o.

Boris Oblak has been director of development at Abakus plus d.o.o. since 1992. He graduated in 1987 from the Faculty of Mechanical Engineering in Maribor. He has worked with the Oracle database from version 5 onward. In 1996, together with a colleague, he successfully migrated the Oracle 7.1.5 database to the Linux OS. With Oracle 8, Oracle officially supported the Linux OS. Today Linux is the primary operating system at Oracle. He now works mainly on administration and optimization of the Oracle database (DBA).
He is a co-author of the Flight Information System application at Ljubljana Airport and the main author of the application Arbiter - audit trails. In 2004 he passed the Oracle Certified Professional DBA certification.
Bio:
Boris Oblak, the head of research at Abakus plus d.o.o., has been in charge of the IT research department since 1992. He graduated in 1987 from the Faculty of Mechanical Engineering at the University of Maribor. He started working with the Oracle database at version 5. He and his colleague successfully ported Oracle database 7.1.5 to Linux in 1996. With version 8, Linux became an officially supported platform for the Oracle database. Since then Oracle has used Linux as its primary development platform, and he has focused his efforts on administration and optimization of the Oracle database.
Boris is also a co-author of the Flight Information System application that is used at the „Jože Pučnik Airport“, which is the biggest airport in Slovenia. He is the main author of Arbiter, an application for audit trail management. In 2004 he became an Oracle Certified Professional DBA.