Oracle database administrators beware… 

PC World is reporting that a leading security researcher has uncovered several security holes caused from “stupid” programming errors. These mistakes can give an attacker the ability to steal data among other things. mong the holes found where SQL injection vulnerabilities and tyhe ability to circumvent the auditing capability in 11g and other versions of the databases.

The researcher that discovered the errors said pointed out that “Oracle must educate their own development team because they should normally avoid these simple security vulnerabilities.” Some of the errors discovered in 11g point to architectural prblem in the product.

Oracle will likely have to develop patches for the holes discovered. However, the patching of the Oracle databases will require time and effort for the DBA’s.

 See the full article on PCWorld.com at http://www.pcworld.com/article/id,136699-c,applicationbugs/article.html