Oracle Audit Trail Add Program Name

The program name attribute (V$SESSION.PROGRAM) is not by default passed to Oracle’s audit logs. It can be optionally included. To do so, apply Patch 7023214 on the source database. After the patch is applied, the following event needs to be set:

           EVENT='28058 trace name context forever'
           COMMENT='enable program logging in audit trail' SCOPE=SPFILE;

The table below summarizes key session attributres (V$SESSION) that are passed/not passed to Oracle auditing

Oracle E-Business Suite 12.2 Web Services Security: Authentication and Authorization

This is the seventh posting in a blog series summarizing the new Oracle E-Business Suite 12.2 Mobile and web services functionality and recommendations for securing them.

Once traffic is accepted and passed by the URL Firewall, WebLogic initiates the standard Oracle E-Business Suite authentication and authorization procedures. Web services are authenticated and authorized no differently than for end-users.

Oracle Listener Security New ORACLE 12.2 Firewall Feature

Service-Level ALCs is a new feature of the 12.2 Listener that allows every database service to have its own ACL. The ACL must be based on IP addresses and this feature allows multitenant pluggable databases (PDBs) to each have an ACL enforced by the Listener. This is because each PDB is a unique service registered in the Listener.

To implement this feature a new parameter FIREWALL must be used and has the following options:

Oracle Database Listener Security Guide – Rewritten For Oracle 12.2

In October 2002 Integrigy first posted a guide to securing the Oracle Listener. Since then this whitepaper has been our most popular download. This month we rewrote the whitepaper for Oracle 12c, inclusive of 12.2

Integrigy Consulting has found the Database Listener to be one of the most frequently overlooked security risks at customers. This whitepaper is an overview of the Database Listener, its unique security risks, and step-by-step recommendations for securing it are provided.

Integrigy COLLABORATE 17 Sessions - Presentations on Oracle Database, Oracle E-Business Suite, and PeopleSoft Security

Integrigy is presenting nine papers this year at COLLABORATE 17 ( The COLLABORATE 17 conference is a joint conference for the Oracle Applications User Group (OAUG), Independent Oracle Users Group (IOUG), and Quest International Users Group.

You can download a complete listing of Integrigy's sessions at Integrigy COLLABORATE 17 Sessions.



Oracle E-Business Suite Mobile and Web Services Security - What You Need To Know

Securing packaged software such as the Oracle E-Business Suite presents different challenges than securing bespoke custom software. Unlike custom software, both the structure of and the security vulnerabilities of the Oracle E-Business Suite are well known and documented, not only to users but also to threat actors.  To begin an attack, limited probing and/or reconnaissance is needed because threat actors know exactly what to target and what to expect.  This also makes the Oracle E-Business Suite, like other ERP platforms, vulnerable to automated attacks.

Oracle Database and New CPU End Dates

With the upcoming on-premise release of Oracle Database, Oracle has updated the Critical Patch Update (CPU) security patch end dates for and  Currently (as of January 2017), only and are supported for CPUs.

The CPU end-dates, which correspond with the end of Extended Support, have been extended to October 2020 for and July 2021 for  The first year of extended support for both versions is free until December 2018 for and July 2019 for


Subscribe to RSS

Add us to your favorite news reader.

Follow on Twitter

Get the latest updates.