Until oracle 12.2 index statistics are still sample-based using an iterative method when ESTIMATE_PERCENT is set to AUTO_SAMPLE_SIZE . Recently when analyzing a performance problem in one of our 19C databases i discovered an interesting but undocumented change (as i’m aware off).Continue reading
Although The AWS cloud offers the wider range of security services than the other providers and the highest level of customization of any vendor, in my opinion something is still missing.
The ORACLE cloud compared to AWS come with many predefined security recipe which allow more automated enforcement of security practices with far less configuration . For inexperienced user this can be very helpful for enhancing the overall security without requiring additional manual effort and reducing human error.Continue reading
I will start a series of short blogs posts showing some cool Oracle cloud feature that i would love to see also on AWS Cloud. Of course this is my point of views , every one can disagree :p
In this first blog post we will start by looking at what is known on the oracle cloud as “Compartement”Continue reading
If like me you like having the full picture of the system, then you may want to install statspack at the CDB level. Ok it’s not supported but every one has his own position on that :p Franck Pachot already wrote about that a while ago :
One important missing piece of information (among others) when doing that is that it will not capture the different sql statement at the PDB level, for that we will need to install statspack at the PDB level also but there is another alternative : Statspack on steroids :pContinue reading
When migrating from oracle database to PostgreSQL there are a lot of thing to do and check , we must consider the capability and limitation of our target environment. In this case i will focus on some MVCC Caveats when using the default Read Committed isolation level as must application out there don’t change the default any way.Continue reading
In my previous blog posts Metric Extension : HugePages & capacity planning and Metric Extension : CPU usage and capacity planning we have seen haw to improve some of the metric usually used for capacity planning. Another very important metric is our FC HBA utilization and how much free capacity we still have.Continue reading
One of the cool new feature with aws sso is the possibility to pass user attributes also known as session tags. This can be very useful for Attribute-Based Access Control (ABAC) as described on the previous article. Another useful case is using the SSMSessionRunAs TAG to specify with which credential an AWS system session manager session is launched which will allow for better security as the default user “
ssm-user” has full administrative privilege on the target instance .
PgSilo is a new PostgreSQL extension that aim to provide better security and isolation by confining PostgreSQL back-end session into silo. Every PostgreSQL cluster will be split into many silo, we can have at must one silo per database, this aim to provide better native security when deploying PostgreSQL. A compromised process connected to database A (Silo A) will not be able to affect database B (Silo B) in the same cluster or in another database cluster on same HOST machine. That’s the ultimate objective , but we are still far from that!
pgSilo is still in active development and there is still a lot to do but I decided to share it at the early stage to get feedback and contribution of course . Here is a glimpse of what the actual Pre-APLHA release can do :Continue reading
When checking the file system Layout on my last blog post Oracle DbNest file system isolation : pivot root/ bind mount something caught my attention. So even if in oracle 20C read only oracle home is the way to go by default and DbNest is there to provide file system isolation (beside many other things) the oracle home is not mounted read only by default (
DBNEST_PDB_FS_CONF not set) in the new nest mount namespace !
Which is curious because a malicious user on a compromised PDB can exploit that and impact the hole environment.Continue reading
Thanks to a friend (who shared with me his cloud account) i managed to get access to another oracle 20C preview version . So here i am with a new blog post !
When creating a new Full PDB Nest one of the first thing that is done is creating a new User namespace, so let’s take a closer look at it !Continue reading