Author: Alex Gorbachev

Exploiting SYSDBA Invoker Rights Using Trigger on Database

This is a follow-up on my previous post about SYSDBA keeping invoker rights when calling a PL/SQL procedure. Working on the previous test case a bit more, I figured that the same anomaly is observed with triggers. So here is one way to get your PL/SQL code called by a SYSDBA. In this case you need to be able to create a trigger on the database, i.e. you need the privileges ADMINISTER DATABASE TRIGGER and CREATE TRIGGER.

Oracle 10.2.0.3 CRS – Missed Heart Beats Format in ocssd.log

The Oracle CRS 10.2.0.3 patchset changed the logging of missed heartbeats by CSS. Here is an example of how heartbeat misses are logged in ocssd.log in 10.2.0.3:

Cock & Lion Ale House

Doug Burns has spent 4 weeks in our Ottawa office and now he is back home to Madeline and the boys. Yesterday, before he left, we had lunch at the Cock & Lion Ale House:

Oracle Upgrade to 10.2.0.3 – Watch for ORA-600 [22635]

When checking for new known issues with the 10.2.0.3 patchset on Metalink, I discovered that an upgrade problem was added – Metalink Note 401435.1. The issue affects all 64-bit platforms, especially when the database is upgraded from any previous 32-bit release.

MySQL GROUP BY and DISTINCT Oddity

At the end of my last MySQL post I mentioned strange behavior with GROUP BY and DISTINCT. This MySQL “feature” could save some resources on sorts and aggregates, but generally I would avoid it as this is not a portable solution. Generally speaking, query output is non-deterministic — it depends on the full table scan implementation and on the physical order of rows in a table. This means that it’s actually a bug and, instead, MySQL should produce an error on those statements.

ORA-07202: sltln: invalid parameter to sltln

I’ve started to use DBCA more and I try to use its template management capabilities. It looks like templates are not the most robust feature of Database Configuration Assistant. Sometimes, there are issues when I want to reuse a template. I reviewed the parameters and found that control_files is set to an empty string. Checked Metaclick and, indeed, this error is related to an empty control_files parameter.

Change Your OTN Forums Account Email?

Not that I participate there often, but a couple of months ago I pulled out my 7-year-old account there and wanted to change its password. To my surprise – I’m not able to do it.

Calling Definer-Rights Procedure as SYSDBA – Security Hole?

In one of my previous posts I mentioned SYSTEM_PRIVILEGE_MAP view. Taking this thread further, I looked into another nice view – V$ENABLEDPRIVS – showing the privileges enabled for the session at the moment. It should be pretty useful if you decide to add some diagnostics into your application. You might also find it very helpful to call from PL/SQL.

Yes, More and More and Moore… but Different!

We humans are not able to process large amounts of precise data. In any human-readable report, we don’t need more than ten or twenty lines of numbers. Every time we look at processes or data more complex than that, we employ simplifications — graph trends, mind-mapping, aggregations, and so on. How will we make computers process information just as humans do? Perhaps we can find the answer inside ourselves if we figure out how our minds work. We recognize images even though our brain is not capable of processing huge amounts of data in milliseconds.

MySQL – No Index Used With ORDER BY + LIMIT and DISTINCT

This is actually a follow-up on my previous post. Developers tried to rewrite all statements and even overdid it. As we say in Russia – “teach fool how to pray and he will break his forehead”.