Two papers on Oracle 11g Security
Hey all,
Since there seems to be a fair bit of disinformation, and utter nonsense,
floating around since my talk at the Black Hat Federal security conference
the other day, I have decided to publish the following papers.
http://www.databasesecurity.com/HackingAurora.pdf
http://www.databasesecurity.com/ExploitingPLSQLinOracle11g.pdf
Whilst the papers were written on the 14th and 21st of October respectively,
Oracle were informed on these issues discussed in these papers on the 11th
and 13th of October 2009.
The slides from the talk can be found here:
http://www.databasesecurity.com/bh-DC2010.pdf
Cheers,
David Litchfield
相关文档:
假设有张表,叫table1,里面有5000万行数据,假设预计全表扫描1次需要1个小时,我们从过程来看:
1、在1点钟,有个用户A发出了select * from table1;此时不管将来table1怎么变化,正确的结果应该是用户A会看到在1点钟这个时刻的内容。这个是没有疑问的。
2、在1点30分,有个用户B执行了update命令,更新了table1表中的� ......
delete from tbl_talbe
where (col1,col2,col3) in
(select col1,col2,col3
from tbl_table
group by col1,col2,col3
&nbs ......
oracle startup时 报错ORA-00600: 内部错误代码,参数: [kcratr1_lostwrt], [], [], [], [], [], [], []
原因可能是非法关机或掉电造成,以下是出现的问题及解决方法:
C:\Documents and Settings\Administrator>sqlplus
请输入用户名: /as sysdba
SQL> startup
ORA-01081: 无法启动已在运行的 ORACLE ......
UpSert功能:
MERGE <hint> INTO <table_name>
USING <table_view_or_query>
ON (<condition>)
WHEN MATCHED THEN <update_clause>
WHEN NOT MATCHED THEN <insert_clause>;
MultiTable Inserts功能:
Multitable inserts allow a single INSERT INTO .. SELECT statement to ......