Oracle Database Application Security Book

Finally …

The Book is alive

For the first time the book which is dicussed critcal security issues such as database threats, and how to void them, the book also include advance topics about Oracle internet directory, Oracle access manager and how to implement full cycle single sign on,

Focus on the security aspects of designing, building, and maintaining a secure Oracle Database application. Starting with data encryption, you will learn to work with transparent data, back-up, and networks. You will then go through the key principles of audits, where you will get to know more about identity preservation, policies and fine-grained audits. Moving on to virtual private databases, you’ll set up and configure a VPD to work in concert with other security features in Oracle, followed by tips on managing configuration drift, profiles, and default users.

What You Will Learn:- 

  • Work with Oracle Internet Directory using the command-line and the console.
  • Integrate Oracle Access Manager with different applications.
  • Work with the Oracle Identity Manager console and connectors, while creating your own custom one.
  • Troubleshooting issues with OID, OAM, and OID.
  • Dive deep into file system and network security concepts.
  • First time chapter that include most of the critical database threats in real life.


You can buy the book now from amazon here




compile invalid objects in an APPS (EBS)

You need to know Count of Invalid Object for your APPS :


For a more detailed query, use the following script :


To recompile an individual object, connect to SQL*PLUS as the owner of the object (generally apps) and use one of the following depending on the object type :

alter package compile; (package specification)
alter package compile body; (package body)
alter view compile; (view)

If the object compiles with warnings, use either of the following to see the errors that caused the warnings :

show errors


select * from user_errors where name = '';

Another way to correct invalid objects is to run the adadmin utility as follows:

1. Log in as APPS User : /

2. Start the adadmin-Utility from the Unix prompt with this command :


The utility will then ask you a series of questions.

3. Under the Maintain Applications Database Objects Menu, select Compile APPS schema(s)

Other Way :
Also try running $ORACLE_HOME/rdbms/admin/utlrp.sql ( as sysdba )

Within Applications, there is a script to compile INVALID objects – called ADCOMPSC.pls

 Arguments for ADCOMPSC.pls :

1 – Schema to run in
2 – Password for schema
3 – Check errors for objects starting with #3

NOTE: The order in which to compile Invalid Objects in schemas is SYS, SYSTEM, APPS and then all others. APPS_DDL and APPS_ARRAY_DDL should exist in all schema’s. In case of an ORA-1555 error while running adcompsc.pls, restart the script.

The script can be run as followed :

cd $AD_TOP/sql
sqlplus @adcompsc.pls SCHEMA_NAME SCHEMA_PASSWORD %

Example : SQL> @adcompsc.pls apps apps %

After the script completes, check for invalid objects again. If the number has decreased, but invalid objects still exist, run adcompsc.pls again. Keep running adcompsc.pls until number of invalid objects stops decreasing.

If there are any objects still left INVALID, verify them by using the script ‘aderrchk.sql’ to record the remaining INVALID objects. ‘Aderrchk.sql’ uses the same syntax as ‘adcompsc.pls’. This script is also supplied with the Applications. Send the aderrchk.sql to a file using the spool command in sqlplus.

e.g. sqlplus x/y @aderrchk.sql SCHEMA_NAME SCHEMA_PASSWORD %

For objects which will not compile, try the following :

select text
from user_source
where name = 'OBJECTNAME'
and text like '%Header%';

This script will provide the script that creates the packages/recreates the packages.


If recreating the package does not make the package valid, analyze the user_errors table to determine the cause of the invalid package :

select text
from user_errors
where name = '';

Thank You
Osama Mustafa

How To Secure/Unsecure your Oracle Application Server 10g

Regarding To Oracle Support Document Please Follow the below steps to Secure and Unsecured Oracle AS

Secure Oracle AS 10g :

1.Stop iasconsole

emctl stop iasconsole

2.Secure iasconsole 

emctl secure iasconsole

3.Start iasconsole 

emctl start iasconsole U

Unsecuring Oracle AS 10g

1.Stop iasconsole

emctl stop iasconsole

 2.Update Oracle As Console StandAlone OC4J to support unsecure port :


<web-site <span="" display-name="Oracle Enterprise Manager iAS Console Website" host="[ALL]" port="" style="color: red;">


<web-site <span="" display-name="Oracle Enterprise Manager iAS Console Website" host="[ALL]" port="" style="color: red;">

3.In same File 


<ssl-config needs-client-auth="true" keystore="server/keystore.test" keystore-password="%EMD_KEYSTORE_PASSWORD%" />


<ssl-config needs-client-auth="false" keystore="server/keystore.test" keystore-password="%EMD_KEYSTORE_PASSWORD%" />

4.Update AS Console Local Management Agent to support the unsecure HTTP protocol.
The EMD_URL property in


needs to get switched back to the HTTP (non-secure) protocol.





5.Update the standAloneConsoleURL property of oracle_ias target.
Edit the file


to change the StandaloneConsoleURL property of oracle_ias target to switch back to the HTTP (non-secure) protocol.


<target ...="" name="EnterpriseManager." type="oracle_ias"> <... <property 0);"="" 0,="" color:="" name="StandaloneConsoleURL" rgb(255,="" value="https://:/emd/console"/>
<target ...="" name="EnterpriseManager." type="oracle_ias"> <... <property 0);"="" 0,="" color:="" name="StandaloneConsoleURL" rgb(255,="" value="http://:/emd/console"/>

6.Start iasconsole
emctl start iasconsole