Vulnerabilities in Microsoft products are not unheard of and have, in fact, become a very common feature. Vulnerabilities in products from vendors like Oracle, however, were uncommon until recently, when several products from Oracle's stable reported severe vulnerabilities.
It may not be wrong to say that Oracle invited trouble for itself: hackers made Oracle products a target too after Oracle's CEO Larry Ellison declared that his company's software was 'unbreakable.' More than 40 vulnerabilities were reported in Oracle's products, including security loopholes in the Database Server's Listener component, the Portal and iSQL*Plus components and Oracle's Enterprise Manager, to name a few. Oracle rated the severity of these security holes as Level 1 and issued patches to fix them.
Solution providers say that not much can be done about this, as security flaws have become very common these days and no software is unbreakable; network applications especially are bound to face such vulnerability issues. However, careful database and network design can prevent them from being exploited, to a certain extent.
Database administrators should allow only limited access to databases: only the applications that need a particular database should be allowed to use it.
If your database is directly linked to a Web page, intruders can attack the database through SQL injection or cause buffer overflows on the application server. This can be prevented by validating input for type and length before submitting it to the backend database. If the code is written with all validations in mind, buffer overflows can be prevented because only clean data is sent to the database.
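To make the validate-then-submit flow concrete, here is an added example (not from the article) in Python: input is checked for type and length first, and whatever passes is sent to the database only as a bound parameter. An in-memory SQLite table stands in for the backend database; the table, its columns and the username rule are assumptions made for the example.

```python
import re
import sqlite3

# Constructed in-memory table standing in for the backend database (assumption).
_conn = sqlite3.connect(":memory:")
_conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
_conn.executemany("INSERT INTO customers (username, email) VALUES (?, ?)",
                  [("alice", "alice@example.com"), ("bob", "bob@example.com")])

# Assumed rule for this field: 1-32 lowercase letters, digits or underscores.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def validate_username(value):
    """Type and length checks, done before anything reaches the database."""
    if not isinstance(value, str):
        raise TypeError("username must be a string")
    if not USERNAME_RE.fullmatch(value):
        raise ValueError("username must be 1-32 characters of [a-z0-9_]")
    return value


def find_email(username):
    """Validated lookup: the value is bound as a parameter, never concatenated into SQL."""
    clean = validate_username(username)
    row = _conn.execute("SELECT email FROM customers WHERE username = ?", (clean,)).fetchone()
    return row[0] if row else None


def find_email_param_only(username):
    """Second layer shown on its own: even without validation, a bound parameter is data,
    so an injection-shaped string is simply a username that does not exist."""
    row = _conn.execute("SELECT email FROM customers WHERE username = ?", (username,)).fetchone()
    return row[0] if row else None


def lookup_from_web(raw_input):
    """Mimics a Web form handler: bad input is rejected instead of forwarded to the backend."""
    try:
        return {"ok": True, "email": find_email(raw_input)}
    except (TypeError, ValueError) as exc:
        return {"ok": False, "error": str(exc)}
```

The length limit is the part that matters for the buffer-overflow concern the article raises; the parameter binding is what keeps the SQL from being rewritten.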
In a three-tier architecture, where data is submitted to the backend database via the application server, developers have to depend on the server vendor to prevent buffer overruns and SQL attacks. In this case there is not much in the developer's hands, because security can be breached if there is a vulnerability in the application server.
What one can do is keep patching the products one uses, from time to time, to avoid security breaches. Companies like Microsoft and Oracle have made this easy by rolling out a monthly patch update cycle. However, a word of advice here: one should never rush into installing updates; some time should be spent checking a patch before installing it. Users should click the 'details' button to read the patch description before installing it. Each Microsoft patch has a unique identification number that can be entered into Microsoft's Knowledge Base ID search form for a detailed explanation. So, look before you Patch!