Biometrics

Don Burleson over at Burleson Consulting has written an interesting survey of Oracle biometrics applications.

With the inherent problems associated with passwords, Oracle security administrators are finding that Oracle biometrics is a more secure and cost-effective solution. Oracle biometrics systems offer more secure environments and also remove the need to dedicate a help-desk person to manage changing passwords for hundreds of end-users.

It’s interesting to see what’s out there, but as Zach will always remind us, biometrics will not hold up in the long run. As biometrics become commonplace they will be hacked. What will you do when someone steals your fingerprints (or the digital representation of them)? You can’t change them. Hell, you can’t even keep from leaving them behind just about everywhere you go.

If a lock can be opened, it can be picked; and if your password can be used, it can be forged. The more common biometrics become (Don mentions in his article that fingerprint readers are now less than $31), the more folks will set their sights on hacking them. These devices work on common interfaces and pass their information over networks, potentially exposing your personal password to unknown parties.

If biometrics catch on you could be required to provide fingerprint identification to use your credit card at your local convenience store. Do you really trust them, or worse yet, the government (who can’t even keep your SSN secure) with your password to your bank account, business account, desktop computer and medical history?

So if biometrics isn’t the holy grail of electronic security what is?

I don’t know what the future of password management is. The most holistic solution I’ve seen yet is the one that Zach and I proposed last year where users are provided with a “password change authorization code” which they are encouraged to keep with their birth certificate (or in another safe place) which allows them to change their password through a self-service page in the case of password loss.


Oracle Auto Increment Columns – Part 2

Three separate people have commented on my previous article on How to Create Auto Increment Columns in Oracle asking how they can retrieve the value of an auto increment column for use later in their code. Well Daniel, Shaun and Zach, here’s the answer.

After you have referenced sequence.NEXTVAL for a particular sequence (or it is referenced on your behalf by, say, a trigger), you can then reference sequence.CURRVAL to get the value just used for NEXTVAL.

To illustrate this we’ll use the table, sequence, and trigger created in my previous article.

If we insert a row into the table test, the trigger test_trigger automatically calls test_sequence.NEXTVAL.

SQL> insert into test (name) values ('Matt');

1 row created.

We now have test_sequence.CURRVAL available in that session.

SQL> select test_sequence.currval from dual;

CURRVAL
----------
8

In this simple example we can confirm this is the same value just used with this simple query:

SQL> select * from test
where name='Matt';

ID NAME
---------- ------------------------------
8 Matt

Now if we wanted to use this value in another SQL statement, say for an insert on a table which uses this as a foreign key constraint, we can include it on our insert like this:

SQL> insert into tool (owner_id, tool)
values (test_sequence.CURRVAL, 'hammer');

1 row created.

SQL> select * from tool;

OWNER_ID TOOL
---------- ------------------------------
8 hammer

Of course, if we just want to see the value of test_sequence.CURRVAL we can select it from our favorite table dual.

SQL> select test_sequence.currval from dual;

CURRVAL
----------
8

For the table, sequence and trigger used here see my original article on auto increment fields.
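An alternative way to capture the generated key, added here as an example and not taken from the original article: a PL/SQL block that uses INSERT ... RETURNING to fetch the id of the row it just inserted. It assumes the page's tables test(id, name) and tool(owner_id, tool), and that test_trigger is a BEFORE INSERT row trigger that fills test.id from test_sequence.NEXTVAL.

```sql
-- Added example (not from the original article).
-- Assumes test(id, name), tool(owner_id, tool) and a BEFORE INSERT row
-- trigger test_trigger that sets test.id from test_sequence.NEXTVAL.
SET SERVEROUTPUT ON

DECLARE
  v_owner_id test.id%TYPE;   -- receives the trigger-assigned key
  v_currval  NUMBER;         -- session-local CURRVAL, for comparison
BEGIN
  -- RETURNING hands back the id of the row this statement inserted,
  -- after the trigger has populated it.
  INSERT INTO test (name)
  VALUES ('Matt')
  RETURNING id INTO v_owner_id;

  -- Use the captured key for the child row. A PL/SQL variable in static
  -- SQL is passed as a bind, not concatenated into the statement text.
  INSERT INTO tool (owner_id, tool)
  VALUES (v_owner_id, 'hammer');

  -- CURRVAL is tracked per session; it matches the captured key as long
  -- as this session has not called NEXTVAL again in between.
  SELECT test_sequence.CURRVAL INTO v_currval FROM dual;
  DBMS_OUTPUT.PUT_LINE('captured id = ' || v_owner_id ||
                       ', CURRVAL = ' || v_currval);

  COMMIT;
EXCEPTION
  WHEN OTHERS THEN
    ROLLBACK;   -- keep parent and child rows consistent on failure
    RAISE;
END;
/
```

In a session that has not yet referenced test_sequence.NEXTVAL, selecting CURRVAL raises ORA-08002, which matters behind a connection pool where a follow-up statement may run on a different session. Capturing the key with RETURNING in the same statement avoids depending on that session state.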

Shifting Demand for Database Books

Donald Burleson of Burleson Consulting points out some interesting statistics from Tim O’Reilly on trends in the tech book market.

If we assume that people are buying books because of a market demand, we see Oracle in steep decline and SQL Server book sales up 83%, followed closely by PostgreSQL. We saw this exact same trend in 1992-1995 when Oracle books started to dominate the database book market, displacing DB2 and IDMS/R books.

As a whole, the big news is that database book sales are way down with the exception of PostgreSQL and SQL Server books, which are up 83% and are now double the size of the Oracle market.

Check out Donald Burleson’s full article

Some of this shift may be due to the recent release of Microsoft SQL Server 2005. Despite its small overall percentage, the growth in PostgreSQL book sales is significant enough to keep an eye on it in the near future.

Also interesting is the stagnation of the MySQL book sales, down 2% from last year. With the number of blogs, wikis and other relatively hot technologies running on MySQL I’m surprised this number is down.

In contrast to the book sales, Alexa, which measures a number of statistics to determine rank among web pages, shows increased web ranking for Oracle, MySQL and PostgreSQL, while showing decreased traffic to Microsoft’s corporate site.

Graph by Alexaholic.com

For the full scoop according to Tim O’Reilly, check out his articles State of the Computer Book Market, Part 1, Part 2, and Part 3.


Thank You Oracle

Yesterday Scott Maziarz got this error in the log of an Oracle Application Server instance:

[Tue May 16 13:27:52 2006] [warn] long lost child came home! (pid 8134)

I can’t decide if this is a good thing or a bad thing.


Banner/Oracle User Conference

Yesterday I attended a Banner/Oracle user conference at Wellesley College. This annual, one-day event of largely peer presentations was a great opportunity for networking and knowledge exchange. Here are some of the take-homes I got out of this conference in no particular order. These are just my observations and opinions and pertain to the scope of our institution and environment.

Oracle Database

Marc Kelberman, Oracle pre-sales engineer for higher-ed, gave a presentation on RAC/Grid control and SQL Developer.

Very few have moved from 9i to 10g. Those who have, or will soon, are going straight to 10gR2.

It is important to go to the latest patchset for 10gR2.

Oracle’s RAC/Grid technology is very cool, but it is unlikely it would offer much to our small (6,000 student) university. Larger universities may benefit from it.

Grid/RAC requires a shared storage architecture.

It would take a great effort between systems, networking and database administrators to implement RAC/Grid.

Around 75% of the institutions I spoke to were running Oracle on Sun Solaris.

None of the institutions I spoke to were running Oracle on Linux.

None of the institutions I spoke to were running clustering/RAC/Grid Control.

Several institutions are running some type of network attached storage (NAS) to store their data files.

One institution (I believe this was the host institution, Wellesley) is running their Oracle home directories on network attached storage. This allows them to maintain only one Oracle home per database version, saving hours of work per upgrade.

Most institutions are still relying on cold backups as their primary backup method.

Only a couple of institutions I talked to have adopted Oracle RMAN for backups.

Oracle SQL Developer

Marc did a good demonstration of SQL Developer, but this product is hard to appreciate until you’ve used it. Thankfully it’s free, so there’s no good reason not to test drive it.

Identity Management

Dan Sterling, Chief Technology Architect for SunGard Higher Education, presented on SunGard HE’s plans for identity management. It looks like they will focus on integrating with third party tools via open standards.

Banner Student Information System

One university mentioned that when a user asks for a modification to their student information system they require that the user submit a request for product enhancement with the vendor before a local modification is made. This seems like a good policy.

Final thoughts

The relatively small number of attendees made this conference great for networking. It’s very interesting to interact with universities of different sizes. Some of the universities in attendance had one administrator for their Oracle databases, application servers and application support, while others have a large staff and highly individualized positions.

Though this conference happens near the end of the academic year it was a nice diversion from summer planning. Beyond the networking, the take-homes are more than worth the day out of work.
