Posts

Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) Introduction Cross-Site Scripting (XSS) is a web security vulnerability that allows an attacker to inject malicious code, usually JavaScript, into a web page viewed by other users. The vulnerability happens when an application takes untrusted input and includes it in a page without properly encoding or sanitizing it first. When the browser receives the response, it treats the malicious code as legitimate content coming from the trusted website and executes it. Depending on the application, XSS can be used to steal session cookies, impersonate users, modify page content, or perform actions on behalf of the victim. Reflected XSS Reflected XSS happens when user input is immediately returned in the server response without proper encoding. A common example is a search page. Request /search?q=laptop Response You searched for: laptop If the application simply prints the value without encoding it, an attacker could...

Oracle Multitenant Architecture Explained: CDB vs PDB vs CDB$ROOT (Simple Guide)

Oracle Multitenant Database: What the Heck Are All These Containers? So you're diving into Oracle multitenant databases and you keep hearing about CDB this, PDB that, and a bunch of confusing container names? Yeah, I've been there. Let me break this down in a way that actually makes sense. The Apartment Building Analogy (Because Who Doesn't Love a Good Analogy?) Imagine Oracle multitenant architecture like an apartment building. Seriously, just bear with me here. When Oracle talks about a CDB (Container Database), they're talking about the whole building. It's not a room you can walk into - it's the entire structure. All the plumbing, electricity, the foundation, the roof... everything that makes the building work. Here's the thing though: you can't just "be in the building." You're always in a specific room or apartment. The CDB is just the name for the whole setup. CDB$RO...

Oracle Bequeath Connection Explained: Complete Guide with SQLcl and ORDS Examples

Everything About Oracle Bequeath Connections What's a Bequeath Connection? A bequeath connection is an Oracle-specific connection method (protocol) that allows a client to connect directly to a database instance, bypassing the TNS listener. Instead of using TCP/IP, the client requests a dedicated server process locally using IPC (inter-process communication). 📌 Key Requirement The client and the database must be on the same server (same OS). 📌 Why Use Bequeath Connections? Improved performance: The connection does not use TCP/IP. Communication happens via local IPC, which is faster for local connections. OS authentication (no database password required): Since the connection is local, the database checks the OS user account instead of a database password. The user must belong to the OSDBA group (for example, the dba group on Linux). How It Works: Connectio...

Alternative to ALL_SYNONYMS view

The SYS.ALL_SYNONYMS view is used to get all the details of existing synonyms accessible to the current user. However, SYS.ALL_SYNONYMS has some known performance issues — and at the time I'm writing this blog, they still haven't been resolved. This becomes an issue if your database has a huge number of synonyms. (Yeah, sounds like a long shot, but believe me, speaking from experience — it can definitely happen.) So, if your application has a PL/SQL block that's querying this view, you might want to consider updating your code to avoid referencing it altogether. So the question is: What's the alternative? I had the same question! And then a smart teammate of mine suggested using DBMS_UTILITY.NAME_RESOLVE. (s/o to Gerardo!) What is DBMS_UTILITY.NAME_RESOLVE? This is a built-in Oracle procedure that helps you resolve the components of a name in the database — things like the object name, schema, dblink, and t...

Non-Interactive ORDS Installation with custom database XOR PL/SQL gateway user.

Non-Interactive ORDS Installation process. This blog will provide some examples for non-interactive install/upgrade. It covers multiple scenarios, especially if you want to install ORDS with a custom database XOR PL/SQL gateway user. Note: During installation, ORDS_PUBLIC_USER will always be created; you can define its password via the --proxy-user sub-command, otherwise a random password will be generated. Install/Upgrade ORDS with default user 1.1. Install: The runtime and database user is defaulted in this case to ORDS_PUBLIC_USER. Within the configuration file, db.username will be set to ORDS_PUBLIC_USER, and its password will be stored within the wallet. Consider using the "--proxy-user" sub-command if you want to define a password for ORDS_PUBLIC_USER. The secret file contains the password for the admin user (SYS in this case). ords --config /path/to/config install ...