Safest Way to Penetration Test an Oracle DB with Potential Data Loss

Similar Messages

• Problem with updating oracle DB with java date thru resultset.updateDate()

  URGENT Please
  I am facing problem in updating oracle database with java date through resultset.updateDate() method. Can anybody help me please
  following code is saving wrong date value (dec 4, 2006 instead of java date jul 4, 2007) in database:
  ResultSet rs = stmt.executeQuery("SELECT myDate FROM myTable");
  rs.first();
  SimpleDateFormat sqlFormat = new SimpleDateFormat("yyyy-mm-dd");
  java.util.Date myDate = new Date();
  rs.updateDate("myDate", java.sql.Date.valueOf(sqlFormat.format(myDate)));
  rs.updateRow();

  I believe you should use yyyy-MM-dd instead of yyyy-mm-dd. I think MM stands for month while mm stands for minute as per
  http://java.sun.com/j2se/1.4.2/docs/api/java/text/SimpleDateFormat.html
  (If this works, after spending so much of your time trying to solve it, don't hit yourself in the head too hard. I find running out of the room laughing hysterically feels better).
  Here is a more standard(?) way of updating:
  String sqlStatement=
  "update myTable set myDate=? where personID=?"
  PreparedStatement p1= connection.prepareStatement(sqlStatement);
  p1.setDate(1,new java.sqlDate());
  p1.setInt(2, personID);
  p1.executeUpdate();

• Is there a way to sync a local Oracle database with an online one?

  Hi guys,
  I like the Oracle DBMS and it is taught at my University. The problem is, for my final year project I'd like to create a Windows App in C# and an ASP website that synchronises it's database with the Application/local database.
  If I use Oracle as the db of choice for my Application, how would I mirror it online? I see there is .NET hosting that includes SQL Server. Is there anything like that for Oracle or do I need to learn SQL Server?
  If that was the case I might as well switch over to SQL server for both databases.
  Many thanks,
  Mike

  Oracle has several inbuilt features to do so, like Logical Standby Database, Oracle Streams and Change Data Capture.
  Devloping an application to do manually what Oracle already is doing would be an extreme waste of time.
  Reading Oracle documentation to implement one of the aforementioned features wouldn't.
  Even if you prefer Mickeysoft, Mickeysoft already has DTS.
  Don't Universities teach to refer to official documentation nowadays?
  Sybrand Bakker
  Senior Oracle DBA

• Problem when trying to refresh oracle screens with latest data

  hello experts,
  i have one problem,i want to refresh the oracle screen with the latest data from the data
  base.
  It is a two stage process.At first step one user will select a row from the screen and then he will press a button .
  now the second screen will appear and the detail of the employee will be displayed.
  First step has been completed and the data is coming in the second form via parameters and i can see the full information of the employee.
  Now i want to refresh the oracle form i.e. suppose if my dba has made any changes in the oracle table( EMP table) i want that after pressing the refresh button user can see the
  latest data from the database.
  in WHEN_BUTTON_PRESSED trigger i have written this codes.
  enter_query;
  execute_query;
  but they are not giving the expected result.
  And one more thing please suggest whether in the second form i should use database item
  or non database item.
  When i am using database item when i am trying to close second from one pop up is appearing
  and asking that whether i want to save the changes.
  please suggest how can i remove this message from my application.
  Regards
  Anutosh

  Hi,
  what data did you transfer via parameters to the second form ?
  how did you populate the datablock in the second form ?
  Typical solution would be:
  (For my example the block is both forms is named EMP, and is based on the table SCOTT.EMP)
  In Form 1, transfer the primary key-value of the current record to a global or parameter (will use global in my example):
  e.g. you have a WHEN-BUTTON-PRESSED-Trigger with the following code:
  <pre>
  :GLOBAL.EMPNO:=:EMP.EMPNO;
  CALL_FORM('FORM2');
  </pre>
  In Form 2, you have a WHEN-NEW-FORM-INSTANCE-Trigger with code:
  <pre>
  DEFAULT_VALUE('GLOBAL.EMPNO', NULL);
  IF :GLOBAL.EMPNO IS NOT NULL THEN
  GO_BLOCK('EMP');
  EXECUTE_QUERY;
  :GLOBAL.EMPNO:=NULL;
  END IF;
  </pre>
  On block EMP in Form 2 there is a PRE-QUERY-Trigger with following code:
  <pre>
  IF :GLOBAL.EMPNO IS NOT NULL THEN
  :EMP.EMPNO:=:GLOBAL.EMPNO;
  END IF;
  </pre>
  And at last, in your refresh-button would be the following code:
  <pre>
  :GLOBAL.EMPNO:=:EMP.EMPNO;
  GO_BLOCK('EMP');
  EXECUTE_QUERY;
  :GLOBAL.EMPNO:=NULL;
  </pre>
  Hope this helps

• Interface and conversion testing of SAP environments with Master Data

  Hi guy's
  Please let me know if some one of you know about SAP Conversion Project. Below you have more description:
  - testing of Interfaces from Legacy Systems
  - testing of conversion programs used in the conversion or transposition of data from legacy systems
  - data cleansing activities associated with conversion
  - identify and populate various SAP environments with Master Data necessary for both conversion and interface testing
  Any detail info in that and what kind of knowledge you need to have in some of project will be useful.
  Thanks in advance
  Adeel

  Hi Yannick,
  I am trying to do the exact same thing. Have you gotten any further on this issue?

• Call Oracle procedure with custom data type within Java and Hibernate

  I have a custom date TYPE in Oracle
  like
  CREATE TYPE DATEARRAY AS TABLE OF DATE;
  and I have a Oracle function also
  like
  CREATE OR REPLACE FUNCTION doesContain (list DATEARRAY, val VARCHAR2) RETURN NUMBER
  IS
  END doesContain;
  In my Java class,
  I have a collection which contain a list of java.util.Date objects
  When I call Oracle function "doesContain", how to pass my java collection to this Oracle function ...
  anyone can provide solutions?
  Please !!!
  Thanks,
  Pulikkottil

  Vu,
  First of all you need to define your types as database types, for example:
  create or replace type T_ID as table of number(5)Then you need to use the "oracle.sql.ARRAY" class. You can search this forum's archives for the term "ARRAY" in order to find more details and you can also find some samples via the JDBC Web page at the OTN Web site.
  Good Luck,
  Avi.

• Best way to handle selectedItem in a DropDownList with changing data

  I am looking for input on how you would handle this situation.  I am having a problem maintaining the selectedItem in a DropDownList which is comprised of values that are populated from a server at regular intervals. So, let's say that that I have a list of Animals, with the names Cat, Dog, and Bird, and Cat is the selectedItem.  Well, I have that list bound to a collection which I then refresh from the server every 5 minutes.  So, when the new Cat, Dog and Bird objects are returned from the server and put in that collection, the Cat item is deselected, and it looks like because it's actually a different object, with a different Object ID.  I tried saving off the selected item, populating the collection with the new data, and then going through the items in the collection to find the Cat and then setting the selected item, but I am having limited success with it. I am sure it's just a logic error on my part. But I can't help but think there must be an easier way than this to handle the situation.
  Any thoughts?

  So, here's what I ended up doing. Rather than replace the objects in my select list with the new objects returned from the server, what I do is update the objects in the select list from their counterparts in the new list. In other words, rather than replace the Pizza object in the drop down list with a new one, I find the Pizza object and then one by one update its attributes from the new Pizza object coming from the server. That way, my selectedItem still points to the same Pizza object, rather than object being replaced with a new object (and new Object ID) and then pointing to an undefined object.

• Oracle performance with increased data

  I have a table1 that is being accessed by process 1 (a store proc). This process runs for 1 to 2 hours and that is normal. Now I am going to add anew table2 and create a new process 2 (again a store proc). Will this slowdown the process 1 in anyway? I will not be running the two processes at same time (if i did it would obviously mean process1 will slowdown). I am just looking at the increased data volume in my database. Will addition of more data slow down oracle even though I am adding in a different table?
  The data I am talking here is huge. Both table1 and table2 each occupy almost 500GB. Each table has 200+ partitions. BTW, I am using 10g - 10.2.0.3.0.
  Edited by: user6794035 on Aug 12, 2009 4:26 AM
  Edited by: user6794035 on Aug 12, 2009 4:27 AM

  user6794035 wrote:
  why should CPU and resources come into play here? As I said nothing has changed except the data volume and two processes will not run at same time.
  Consider there is no process2. I just have table 1 and process1. I just added another table of the size I mentioned above (500GB). Just the fact, that I added more data in another table will slow down Oracle's processing speed in anyway?Not until and while you are actually performing processing against that table. Your question seems to indicate that you fear that the mere presence of a table in the database causes a performance impact.

• Importing data from Microsoft excel file to Oracle Database with Multiple Data Tables. Need expert advice and guidance

  I posted a query on Importing data from Microsoft Excel to Oracle Database (Multiple Data Tables). I got some answer and reference from the forum.
  I presented to my Oracle consultant and representative from Oracle Malaysia. They said impossible. I do not believe what they said. I do believe can be done.
  Can someone help or direct me to an expert that can help me on this

  e90f478a-c529-4c48-b189-51eebeaed477 wrote:
  I posted a query on Importing data from Microsoft Excel to Oracle Database (Multiple Data Tables). I got some answer and reference from the forum.
  I presented to my Oracle consultant and representative from Oracle Malaysia. They said impossible. I do not believe what they said. I do believe can be done.
  Can someone help or direct me to an expert that can help me on this
  We don't know the "query on Importing data from Microsoft Excel to Oracle Database (Multiple Data Tables). "
  We don't know where you posted said query.
  We don't know what "some answer and reference" you received "from the forum."
  We don't know what it was that your "Oracle consultant and representative from Oracle Malaysia" said was "impossible".
  So on what basis are we supposed to "help or direct" to "to an expert that can help "?

• Oracle 9i with 500GB data

  Hi,
  our company is planning a data warehouse and are planning to propose an Oracle solution. The database of the warehouse would initially be 200GB and will grow upto 1 terabyte. Can someone tell me what kind of hardware configuration should we go for? Can we look at Oracle9i on windows 2000 advanced server for it?
  Regards,
  Harini

  My Priorities for this environment would be:
  Multiple file volumes with multiple RAID Channels (You are going to want to partition or stripe your data as much as possible)
  Multiple CPUs (will allow for Parallel Queries and Parallel Direct Dataloads)
  64 bit CPUs that will allow for more memory addressing and thus more physical memory (More DB Buffers, Larger Shared Pool, More in memory sorts)
  A secure and reliable 64 bit OS that will not require constant reboots to clear problems.

• Is there a way to import a indd CS4 file with its Data Fields names and properties into CC?

  I have to convert numerous files from CS4 to CC. The CS4 files are using external data from a CSV file. When I open the file in CS4 I can enable the preview and see the data from the CSV file. But when I save the file as indd or idml and try to open it in InDesignCC then I can't see the data as preview. I can see the Data fields (text).I think it's because it doesn't recognize the data fields from the CS4 file. If I delete a data field and remap it I will be able to see the preview for the field I just mapped. the other fields remain the unchanged, like they were just text.
  Any help with this topic will be very appreciated. I have about 70 data fields per document and about 100 documents to go through.
  Update: The symbol for a data field, ex: «fullname_2» change size when I delete and remap it. Explanation: When I open the CS4 file in IndesignCC I can't view a preview of the Data field(s) (almost positive because it's plain text). The data fields show like this «fullname_2». But when I delete that and drag a field from the data field list it shows like this <<fullname_2>>. So definitely, CC is not reading the data fields from InDesign CS4.
  P.S.: The fields above («fullname_2» and <<fullname_2>>  are copy and paste from Indesign CC.

  I'm attaching this image so this forum can notice the difference on the Data fields from CS4 and the ones added on CC

• HT1451 Easiest way to transfer iTunes library and playlists with ALL data?

  Question in title.
  Why is this so hard?

  Nevermind found the answer: https://discussions.apple.com/message/12933354?messageID=12933354&#12933354

• Is there any Recommended Tools by Oracle for doing Penetration Testing

  Is there any Recommended Tools by Oracle for doing Penetration Testing in Oracle CRM On Demand (Single Tenant Environment.)

  HI,
  as far as I know Oracle not encouraged customers to perform this kind of tests.

• Updating Oracle table with info from Sybase query

  I hope this is the correct forum for this question.
  I am fairly new to Java and JDBC. I am trying to figure out what the best method for updating information in Oracle tables with data from a Sybase table. I would prefer to use Oracle’s transparent gateway but this is not an option my company will pay for so I am creating a java stored procedure and using JDBC to connect to the Sybase database.
  The process I think I need to go thru is
  1.     Query an Oracle table to get the records that need to be updated and the “key” information to query the Sybase table with.
  2.     Use that result to query the Sybase database to get the fields that need to be updated in the Oracle table for those records.
  3.     Update the records on the Oracle table with the data from the Sybase query.
  I know I can just do this procedurally, row-by-row, but I was wondering if anyone knows of a way to accomplish this with SQL and no loops. Is there a way to make a result set available as a “SQL table” for another JDBC query?
  Basically what I would like to do is:
  OraQuery = “ select sybinfo from sometable where updated_date = null”;
  Statement orastmt1 = OraConn.createStatement();
  ResultSet Orars1 = orastmt1.executeQuery (OraQuery);
  SybQuery = “select update_date, sybinfo from sybtable where sybinfo = Orars1.sybinfo”;
  Statement sybstmt = SybConn.createStatement();
  ResultSet Sybrs = sybstmt1.executeQuery (SybQuery);
  OraUpdate = “update (select update_date from sometable, Sybrs where sometable.sybinfo = Sybrs.sybinfo) set update_date = Sybrs.update_date”;
  Statement orastmt2 = OraConn.createStatement();
  ResultSet Orars2 = orastmt2.executeQuery (OraUpdate);
  This may not be possible but if anyone has done something similar and wouldn’t mind sharing I would appreciate it. If there is a “better” way of accomplishing this I am open to suggestions.
  Thanks

  you can try using cachedRowSet() for the Oracle side query.
  The rows in this could be populated using the sybase side query's resultset and then all of this could updated into Oracle in one shot.

• New version of sapyto - SAP Penetration Testing Framework

  Hello list,
  I'm glad to let you know that a new version of sapyto, the SAP Penetration Testing Framework, is available.
  You can download it by accessing the following link: http://www.cybsec.com/EN/research/sapyto.php
  News in this version:
  This version is mainly a complete re-design of sapyto's core and architecture to support future releases. Some of the new features now available are:
  . Target configuration is now based on "connectors", which represent different ways to communicate with SAP services and components. This makes the
  framework extensible to handle new types of connections to SAP platforms.
  . Plugins are now divided in three categories:
       . Discovery: Try to discover new targets from the configured/already-discovered ones.
       . Audit: Perform some kind of vulnerability check over configured targets.
       . Exploit: Are used as proofs of concept for discovered vulnerabilities.
  . Exploit plugins now generate shells and/or sapytoAgent objects.
  . New plugins!: User account bruteforcing, client enumeration, SAProuter assessment, and more...
  . Plugin-developer interface drastically simplified and improved.
  . New command switches to allow the configuration of targets/scripts/output independently.
  . Installation process and general documentation improved.
  . Many (many) bugs fixed. :P
  Enjoy!
  Cheers,
  Mariano

  Hi Mariano,
  Thanks for the update.
  We implemented secinfo restrictions 5 years ago, but used a rather complicated approach. We did some tests today (the "local" setting works okay so far) and will continue tomorrow.
  We now use the HOST and USER-HOST set to "local" and let the application security deal with who-can-do-what and this works quite well; though we have encountered some external 3rd party server programs in some cases. It seems to be popular amongst the business folks and some of the products use the gateway monitor to comunicate with the SAP system to find out when it has completed processing.
  I think this is a design error, but they of course think otherwise
  What was interesting to note, was that we locked ourselves out of an unprotected system. We changed the gw/monitor from 2 to 1 in a test. This worked. But then the gwmon cannot be used to change it back to 2! To we tried RZ11, and experienced the same. So we changed it to 0 in a test, and then 1 was blocked as well. This appears to be implemented in the kernel, as even hobbling the application coding does not help. The parameter is only dynamic when decreasing the value and increasing the security.
  We had to restart the whole system for the instance profile to take effect again. Rather noisy and a few developers could take an additional 10 minute coffee break as a result
  We are testing this on 3 different releases with different config:
  - 4.6C (46D)
  - 6.40
  - 7.00
  The different config relates to:
  - gw/sec_info
  - gw/monitor
  - auth/rfc_authority_check
  Our intention behind this is to improve baseline security and harden some special systems further.
  Cheers,
  Julius