Oracle Database Application Security Book

Finally …

The Book is alive

For the first time the book which is dicussed critcal security issues such as database threats, and how to void them, the book also include advance topics about Oracle internet directory, Oracle access manager and how to implement full cycle single sign on,

Focus on the security aspects of designing, building, and maintaining a secure Oracle Database application. Starting with data encryption, you will learn to work with transparent data, back-up, and networks. You will then go through the key principles of audits, where you will get to know more about identity preservation, policies and fine-grained audits. Moving on to virtual private databases, you’ll set up and configure a VPD to work in concert with other security features in Oracle, followed by tips on managing configuration drift, profiles, and default users.

What You Will Learn:- 

  • Work with Oracle Internet Directory using the command-line and the console.
  • Integrate Oracle Access Manager with different applications.
  • Work with the Oracle Identity Manager console and connectors, while creating your own custom one.
  • Troubleshooting issues with OID, OAM, and OID.
  • Dive deep into file system and network security concepts.
  • First time chapter that include most of the critical database threats in real life.


You can buy the book now from amazon here




Active Trace Steps

There’s More than One Way to active Oracle Trace , This Topic will talk about how to do this ?

Lets Rock N Roll

1-Alter session set sql _trace Statement 

alter session set sql_trace = true;
Or ( The two Statement is equal )

alter session set events ‘10046 trace name context forever, level 1’;


dbms_session.set_sql_trace (true);

dbms_session.set_sql_trace (false);


dbms_support.start_trace (binds=>{true|false}, waits=>{true|false});

Or to Disable it


4-Alter Session set event
6-Oradebug Command

Ref Link :

Osama Mustafa 

Time drift detected. Please check VKTM trace file for more details

Error :

“Time drift detected. Please check VKTM trace file for more details”

Description :

This Error usually Appear After upgrade to regarding to MOS its Bug.


And you Check MOS Note For More Information About this Bug :

Time Drift Detected. Please Check Vktm Trace File For More Details. [ID 1347586.1]
Bug 11837095 – “time drift detected” appears intermittently in alert log [ID 11837095.8]

To fix the issue, Please download and apply patch 11837095 if available for your release/platform.

Download Patch From MOS/Patch Tab .


Osama Mustafa

Locking In Oracle

Locking in Oracle is one of the most common problem we will face as database administrator.

 is the locking Effect on Database performance ?

Yes . impede a transaction from finishing , since the Lock query Take long time running .

When the Locking Happened ?

I will Give you example :

Let assume that we have two Users Each Of them Update on the same table like the following :

User 1 :

SQL> update test set name=’lock’ where id=1;

1 row updated.

User didn’t commit here .

User 2 :
SQL> update test set name=’lock2′ where id=1;

User 2 will be waiting

Inforamtion about locks :
1-Locks scripts One.
2-Locks Scripts Two

Another way to Lock :

performing a DDL (alter,create….) and get an ORA-00054 error.

ORA-00054: resource busy and acquire with NOWAIT specified

 to solve this issue

SQL> select object_id from dba_objectswhere owner=’Username’  and object_name=’Table’;


SELECT c.owner,
FROM v$locked_object a, v$session b, dba_objects c
WHERE b.sid = a.session_id AND a.object_id = c.object_id
and a.object_id=;

Refer also to :

Osama Mustafa


As We All Know if you need to start/shutdown Oracle Apps you need go $ADMIN_SCRIPT_HOME In R12 Or $CONTEXT_HOME in R11

This Article Explain What These Scripts Do :

Master script to start all components/services of middle tier or application tier. This script will use Service Control API to start all services which are enabled after checking them in context file (SID_HOSTNAME.xml or CONTEXT_NAME.xml)

Master script to stop all components/services of middle tier or application tier

Script to start / stop apps listener (FNDFS and FNDFS). This listener will file will be in 10.1.2 ORACLE_HOME (i.e. Forms & Reports Home)
listener.ora file will be in $INST_TOP/apps/$CONTEXT_NAME/ora/10.1.2/network/admin directory
(Mostly similar to one in 11i with only change in ORACLE_HOME i.e. from 8.0.6 to 10.1.2 )

Script to start/stop Web Server or Oracle HTTP Server. This script uses opmn (Oracle Process Manager and Notification Server) with syntax similar to opmnctl [startstop]proc ohslike opmnctl stopproc ohs .

Script to start / stop concurrent manager,

Script to start / stop Forms OC4J from 10.1.3 Oracle_Home. This script will also use opmnctl to start/stop Forms OC4J like
opmnctl stopproc type=oc4j instancename=forms

This script is used only if you wish to start forms in socket mode. Default forms connect method in R12 is servlet.
If started this will start frmsrv executable from 10.1.2 Oracle_Home in Apps R12

This script will start/stop oacore OC4J in 10.1.3 Oracle_Home. This scripts will also use opmnctl (similar to adapcctl & adformsctl) to start oacore instance of OC4J like
opmnctl startproc type=oc4j instancename=oacore

 This script will start/stop oafm OC4J in 10.1.3 Oracle_Home. This scripts will also use opmnctl (similar to above) to start oacore instance of OC4J like
opmnctl startproc type=oc4j instancename=oafm

This script will start/stop opmn service in 10.1.3 Oracle_Home. opmn will control all services in 10.1.3 Oracle_Home like web server or various oc4j instances. If any services are stopped abnormally opmn will/should start them automatically.

Thank You 
Osama Mustafa 

Change Enterprise manager password for 11g

For the DB Control Release 11.2 and higher, you need to set the environment variable ORACLE_UNQNAME to the value of the DB_UNIQUE_NAME database parameter.

Steps :

1.Stop the DB Control
On Unix
$ emctl stop dbconsole

On Windows
Open a Command Window and type
**> emctl stop dbconsole

2.Check that the DB Control is stopped
 On Unix
$ emctl status dbconsole

On Windows
Open a Command Window and type
 **>emctl status dbconsole

3.Connect to the database as a user with DBA privilege with SQL*Plus and execute:

SQL> alter user sysman identified by ;
4.Check the new password
SQL> connect sysman/[@database_alias]
5.From the database directory $ORACLE_HOME/bin, execute:
On Unix

$ emctl setpasswd dbconsole
Provide the new SYSMAN password
On Windows

**>: emctl setpasswd dbconsoleProvide the new SYSMAN password
6.Restart the DB Control
On Unix
$ emctl start dbconsole
On Windows
Open a DOS Command Window and type
**>: emctl start dbconsole

Thank you 

Osama Mustafa