Oracle security

Oracle and security. What a sad joke!

Their critical patch update is a complete nightmare to apply, to put it mildly.

It looks like they might be addressing some of the zillions of problems with their source code, but what’s important with security fixes is how you deploy them.

Oracle hasn’t a clue about this.

My approach is once you have a database installed (that’s a miracle in itself), limit it to “trusted user” IPs with /etc/hosts.allow or firewall filtering. And pray.


If you like this, you might like the stateless Web kiosk software I develop. Webconverger typically replaces Windows on PCs and is deployed in public and business environments for ease of deployment and privacy. Once installed it auto-updates making it painless to maintain. Try it where you exclusively use the only viable open platform... the Web!