Oracle Database, Fusion Middleware, Linux

How to get 30 days Free Oracle Cloud Subscription Plan PaaS IaaS

Oracle now offers the Free Oracle Cloud Promotion plan. With this promotion, we start with $300 (€260) Cloud Service credits in your Oracle Cloud Services Account. This balance can be used towards activating and using any of the metered Oracle Cloud Services in the following categories: PaaS, IaaS, Big Data and Middleware Cloud Services, which are available as Pay-as-You-Go subscriptions.

Previously we were playing with free trial subscription of Oracle Database Schema Cloud Service. This tutorial however is different! We are going to try a 30 days free subscription plan, which includes all we need to get started with Oracle Cloud: Compute, Storage, Database, Database Backup, MySQL, Java, SOA, Application Container Cloud and Developer Cloud Services.

Let’s get started! We sign up for a trial subscription to Oracle Public Cloud Services:


We make sure that we select correct country as we would have to provide a valid mobile number for verification purposes, the country code is selected automatically based upon our country selection.

Shortly after completing sign-up procedure, we’ll receive a confirmation email from Oracle titled:

Oracle Store Account creation confirmation – [First, Last Name]

We are not ready yet! We must wait for another email which will state:

Welcome to Oracle Cloud. Your Oracle Public Cloud Services Free Promotion is ready.

It might take a while though. I’ve received mine next day. At this moment our Oracle Account has already been granted free credits.

In the final confirmation email we can find information about access credentials and URLs to all the services such as:

  • My Services Administration access to manage your cloud services as well as to monitor usage and status.
  • My Account Administration to add additional account admins or review our order.

We are ready to login to My Services Administration dashboard, we use Identity Domain and My Services URL found in the welcome email: 


Oracle Cloud Subscriptions available within the promotion plan 

(in my case it is under EMEA Data Jurisdiction and within EMEA Data Center):

Oracle IaaS Public Cloud Services

  • Oracle Ravello Cloud Service
  • Oracle Container Cloud Service
  • Oracle Storage Cloud Service
    Note: Before you begin with Oracle Storage Cloud Service, sign in to My Services to obtain the REST API endpoint. In My Services, you may be asked to set up the Replication Policy for your instance.

Oracle Java Public Cloud Services

Note: You must create an instance of Oracle Integration Cloud Service in My Services.

  • Oracle Application Container Cloud
  • Oracle Messaging Cloud Service (an instance must be created in My Services)
  • Oracle Java Cloud Service
  • Oracle Process Cloud Service (an instance must be created in My Services)
  • Mobile Environment Service (an instance must be created in My Services)
  • Oracle Content and Experience Cloud (an instance must be created in My Services)
  • Oracle SOA Cloud Service
  • Oracle Internet of Things Cloud – Enterprise

Oracle Database Public Cloud Services:

  • Oracle Database Cloud Service
  • Oracle Database Backup Service
  • Oracle Database Exadata Cloud Service
  • Oracle GoldenGate Cloud Service
  • Oracle MySQL Cloud Service

Oracle Big Data Public Cloud Services:

  • Oracle Big Data Preparation Cloud Service (an instance must be created in My Services)
  • Oracle Event Hub Cloud Service – Dedicated

developer80217 (Standard Developer Service)

Note: The Service Instance URL is used by the end-users in your organisation to sign in to Standard Developer Service.

Enjoy your 30 days free Oracle Cloud Subscription plan. In next articles we will take a closer look at particular services. We will get started with Oracle Database Cloud Service , stay tuned!

source: oracle.com

, , ,

Oracle Database Cloud Service free trial account

Oracle Cloud is offering a free of charge 30 days trial subscriptions to Oracle’s Platform (PaaS) and Infrastructure (IaaS) Cloud Services. One of the services is Oracle Database Cloud Service.

Users can find two ways to discover Oracle Cloud. One way is to get 30 days trial subscription to Platform & Infrastructure services.  Second way is to register for Application (SaaS) and Data (DaaS) quick tours which offers very nice interactive application demos, videos and e-books.


Oracle Sales Cloud Quick Tour

One of the Platform & Infrastructure services is Oracle Database in the Cloud providing several deployment choices such us single schemas, dedicated pluggable databases, virtualized databases and more. Our focus for today is to activate 30 days subscription to Oracle Database Schema Cloud Service and application express (APEX).

Oracle Database Schema Cloud Service

First of all you would require a valid oracle account. If you don’t have it yet you may register at Oracle.com here: Create Your Oracle Account

Next we visit Oracle Cloud Trial page where we scroll down to Database Schema and click on “Try It” link. Next we have to provide all required information and submit our request. Make sure you have a mobile phone with you in order to receive a text message with verification code.

When your request has been approved, Oracle will send you an email. (For me, it took less than one minute). So next step is to check your email and activate your trial by clicking on the “Activate My Trial” button. You have 5 days to activate your trial after you receive the email.


At this moment your request has been submitted for activation and is in progress.

When activation is complete, you’ll receive another email with access details, username and temporary password to My Services dashboard, where you can monitor all your services, add users, service usage and administer your database in the cloud.


When you login to “My Services” for the first time you will be asked to setup your preferences: language and time zone. Once completed, hit the button “continue” and you will be taken to Oracle Database Cloud Service Details page.


Next login to My Account Administration dashboard and reset default password!


Now let’s open our Service Details dashboard:

Make a note of SFTP connection details and My Services URL. These information will be required for setting up connection to your database using for example Oracle SQL Developer.

Oracle Application Express in the Cloud (APEX 5)

By navigating to My Services URL, you will be taken to Oracle Cloud login page, then Cloud Services Dashboard and eventually to Application Express start page. Here you can run sample APEX applications or browse database objects within your schema as well as run SQL queries using SQL workshop. You can also start developing APEX apps.

Now you might be wondering how to connect to the Cloud Database Schema using Oracle SQL Developer? Please note that this trial account doesn’t offer full Oracle Database Service but only Oracle Database Schema in the cloud hence we can connect in read-only mode. Here is how:

  1. Grab the Service Instance URL from Service Details dashboard. In our example it was https://zion-ziontrial.db.us2.oraclecloudapps.com/apex/
  2. Run Oracle SQL Developer and create new Cloud Connection (your oracle account)
  3. Connect to Cloud Database, now you can browse database objects.

Have fun! Please leave your comment down below and if you like it please share.

, , , , , ,

Around The World Flight 26, Karonga to Blantyre

We continue to traverse the great lakes of Africa, following the course of Lake Nyasa to Blantyre in Malawi.

Initiation ritual of boys in Malawi

We travel along the shores of Lake Nyasa as we reach Blantyre in the country of Malawi. You may be surprised at such a Scottish sounding place name deep in the heart of Africa. The reason is simple, the town was named after the Scottish birthplace of renowned explorer David Livingstone who was instrumental in the growth of the town.

David Livingstone

David Livingstone

David Livingstone (19 March 1813 – 1 May 1873) was a Scottish Congregationalist pioneer medical missionary with the London Missionary Society and an explorer in Africa, one of the most popular national heroes of the late 19th century in Victorian Britain.

Chileka Airport

Chileka Airport

Chileka International Airport (IATA: BLZ, ICAO: FWCL) is an airport located 16km (9nmi) from Blantyre, the second largest city in the Republic of Malawi and the commercial Capital of Malawi’s Southern Region. It is sometimes referred to as the commercial and industrial capital of Malawi as opposed to the political capital, Lilongwe. Blantyre is the capital of the country’s Southern Region as well as the Blantyre District. (Wikipedia)

Continue reading…

, , , , , ,

Data Redaction in Oracle Database 12c flaws or security gaps?

I’ve been working on proof of concept project for Data Redaction in Oracle Database 12c. Hard to say but POC has proven that data redaction has couple of flaws or according to Oracle “constraints”. Therefore before we could continue with implementation we would have to find solutions to below findings. Any feedback from the readers would be much appreciated.

Test scenario: Database user schema is “APEX_ZION”. A table “DEMO_CUSTOMERS” has data redaction enabled on CUST_POSTAL_CODE column, masking data using randomly generated characters. Here is how to enable data redaction. Another user schema “TEST_USER” has granted SELECT privileges on DEMO_CUSTOMERS table. The goal is to mask sensitive data for test_user only. So when we login to a database as “APEX_ZION” and we run an SQL query we can see true data:



 7 rows selected

Next we run the same SQL query as “test_user” and we can see masked data only:



 7 rows selected 

So far so good. Here comes the funny part…

Using Oracle SQL Developer we are logged as “test_user” (1), We run SQL query (2) and as a result we can see masked data. Next, in the same session navigate to Other Users (3) -> APEX_ZION (4) -> Tables (5) -> DEMO_CUSTOMERS (6) and click on Data tab (7) to view table’s content. Surprise, the data is not being redacted anymore.

In addition please read David Litchfield’s white paper “Oracle Data Redaction is Broken” here (PDF). I checked all three methods in my labs in September 2016 and in result we see that using “RETURNING INTO” and “XMLQUERY()” methods appear to be fixed. However one gap still persist in a Database 12c version – “an iterative inference attack”. It is possible to be executed disclosing redacted data even to a regular test_user, with “create procedure” and “select” privileges on a target table! According to Oracle documentation it is a constraint in data redaction.

Below test result based on example 3 from David Litchfield’s white paper:


--an iterative inference attack
exec p_undoredaction;
PL/SQL procedure successfully completed.
CC: 4111222233334444

All in all Oracle Data Redaction seems to be very handy feature next to well known Oracle Data Masking option. However facing above flaws it is a bit pointless to implement it in any of the environments. And the sad part of it is that David Litchfield has reported his findings to Oracle in 2013 and Oracle did not “fix” it yet (2016). I’m not sure whether bug from SQL Developer has been already reported to Oracle, this is something that I’ve discovered today. Please leave your comments if you know more similar flaws or how to tackle existing ones.

EDIT: Even though Oracle Data Redaction is not designed to prevent data exposure to database users who run ad hoc queries directly against the database, it can provide an additional layer to reduce the chances of accidental data exposure. Because such users may have rights to change data, alter the database schema, and circumvent the SQL query interface entirely, it is possible for a malicious user to bypass Data Redaction policies in certain circumstances. Source: Oracle Documentation

More can be read here Security Considerations for Using Oracle Data Redaction:

Oracle Data Redaction is not intended to protect against users who run ad hoc SQL queries that attempt to determine the actual values by inference.

Now I’m asking myself, what’s the point of using data redaction whatsoever? It’s like asking my boy not to watch certain TV channels securing them by default security pin 0000. Do you know any use cases of using data redaction? Please leave your comments down below.


, , , ,

Oracle Data Redaction in Oracle Database 12c

Data Redaction provides a way to define masking policies for an application. Oracle Data Redaction provides functionality to mask (redact) data that is returned from user SELECT queries. The masking takes place in real time. The difference between Oracle Data Masking and Data Redaction is that Data Redaction doesn’t alter underlying data in the database; it redacts the data only when it is being displayed. Data Redaction can be applied conditionally, based on different factors such as user, application identifiers, or client IP addresses. Data Redaction is available in Oracle Database 12c and now also in 11g Release 2, patch set Data Redaction is licensed as part of Oracle Advanced Security.

EDIT: Be aware of Oracle’s data redaction “constraints”. Read David Litchfield’s white paper “Oracle Data Redaction is Broken” here (PDF). I checked all three described methods in my labs in September 2016 and using “RETURNING INTO” and “XMLQUERY()” methods appears to be fixed. However one gap still persist in a Database 12c version – “an iterative inference attack”. It is still possible to be executed disclosing redacted data even to a regular test_user schema!

Below TEST 3 result based on David’s white paper example:


--an iterative inference attack
exec p_undoredaction;
PL/SQL procedure successfully completed.
CC: 4111222233334444

data _redaction_concept

Data redaction doesn’t prevent application logic, operations like inserting, updating or deleting data  are perfectly consistent with original data. If the application user creates a view on redacted table, the view will also contain the redacted data.

The following methods are available in data redaction:

data _redaction_methods

Oracle Data Redaction in Oracle Enterprise Manager 12c:

In our demo we will be using sample table created in “APEX_ZION” schema running in Oracle Database 12c pluggable database. Customer data resides in CUSTOMERS table in APEX_ZION schema. We’ve got ~50k of records in the table. We generated our sample data at fakenamegenerator.com and imported it using Oracle SQL Developer.

Here is an sql script to create a demo table with several rows and test user account:

as APEX_ZION user
create table customers (
	customer_id		number,
	cust_first_name		varchar2(20),
	cust_last_name		varchar2(20),
	cust_phone_nr		varchar2(25),
	CUST_STREET_ADDRESS	varchar2(60),
	cust_postal_code	varchar2(10),
	cust_city		varchar2(30),
	cust_email		varchar2(60),
	cust_url		varchar2(100),
	cust_national_id	varchar2(20)
Insert into CUSTOMERS values ('124','George','Haynes','478-226-7323','4145 Oakridge Lane','30901','Augusta','GeorgeAHaynes@dayrep.com','closedloopcolor.com','670-09-4251');
Insert into CUSTOMERS values ('125','William','Bill','205-968-8067','3553 Wright Court','35243','Cahaba Heights','WilliamCBill@gustr.com','jswimshop.com','419-92-3203');
Insert into CUSTOMERS values ('126','Rhonda','Finley','217-615-9990','1405 University Hill Road','62701','Springfield','RhondaNFinley@cuvox.de','istanbulchekup.com','345-40-5460');
Insert into CUSTOMERS values ('127','Rosana','Solis','630-912-3504','747 Lewis Street','60606','Chicago','RosanaASolis@teleworm.us','germanfacials.com','342-30-5422');
Insert into CUSTOMERS values ('128','Craig','Montz','407-296-6024','1326 Barnes Street','32808','Orlando','CraigAMontz@dayrep.com','moocroot.com','768-32-5412');
Insert into CUSTOMERS values ('129','Todd','Barrios','325-282-5551','2445 Felosa Drive','79506','Blackwell','ToddJBarrios@teleworm.us','rekzai.com','636-84-3118');
Insert into CUSTOMERS values ('130','Ida','Cochran','334-566-0879','3410 Turkey Pen Lane','36081','Troy','IdaJCochran@gustr.com','onwebinsurance.com','417-04-4580');
Insert into CUSTOMERS values ('131','Lewis','Anderson','812-442-2562','709 Lucy Lane','47834','Brazil','LewisBAnderson@armyspy.com','oreauction.com','309-98-5662');
Insert into CUSTOMERS values ('132','Cheryl','Winters','559-501-6054','2155 Chicago Avenue','93721','Fresno','CherylGWinters@jourrapide.com','mcdube.com','573-54-1811');
Insert into CUSTOMERS values ('133','Leann','Sullivan','773-396-7992','1060 Oakmound Drive','60605','Chicago','LeannDSullivan@cuvox.de','localvim.com','356-78-9654');


connect sys / as sysdba
create user test_user identified by *******;
grant insert, select, delete, update on APEX_ZION.customers to test_user;
grant create session to test_user;

Our goal is to redact the following columns for all other users than apex_zion:

Column Name Data Redaction method
cust_phone_nr Partial
cust_postal_code Random
cust_email RegExp
cust_national_id Partial

Login to the Oracle Enterprise Manager 12c, next login to a target database and create data redaction policy:

New policies are effective immediately, let’s test it in Oracle SQL Developer by selecting the same data from two different user accounts:

Data Redaction policies can also be managed in Oracle SQL Developer.

First we have to grant the following privileges to user APEX_ZION

--as sysdba user:
grant select on sys.redaction_policies to apex_zion;
grant select on sys.redaction_columns to apex_zion;
grant execute on dbms_redact to apex_zion;

Data Redaction in SQL Developer:

That’s all folks. For more information please check DBMS_REDACT at Oracle Docs.

Please leave your comments down below.

, , ,

Configure SSL in WebLogic Server Domain

Quick guide on how to implement SSL in WebLogic Server domain. Custom Identity and Custom Trust with self-signed certificate.

First, let’s create custom directory to store self-signed certificate, custom keystore and custom trust store files:

mkdir -p /u01/app/oracle/config/domains/wls12c_domain/security/SSL

Modify input variables according to your requirements and run below script on WebLogic Server host. This script will automate entire procedure and does the following:

  • create keystore
  • create self-signed certificate
  • export the server certificate
  • create Trust Store
#Script: Generate Keystore
cd ${DOMAIN_HOME}/security/SSL

DNAME="CN=example.local.net, OU=ZION Support, O=ZION Inc, L=Gotham, ST=StateOfMind, C=EU"

echo "Creating keystore"
${JDK_HOME}/keytool -genkey -alias ${ALIAS} -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -dname "${DNAME}" -keypass ${KEYPASS} -keystore ${IDENTITY_JKS} -storepass ${STOREPASS}

#Self Signing the Certificate
echo "Self Signing the Certificate"
${JDK_HOME}/keytool -selfcert -alias ${ALIAS} -dname "${DNAME}" -keypass ${KEYPASS} -keystore ${IDENTITY_JKS} -storepass ${STOREPASS}

#Exporting the Server certificate
echo "Exporting the Server certificate"
${JDK_HOME}/keytool -export -alias ${ALIAS} -file ${CERT_CER} -keystore ${IDENTITY_JKS} -storepass ${STOREPASS}

#Creating Trust Store
echo "Creating Trust Store"
${JDK_HOME}/keytool -import -alias ${ALIAS} -file ${CERT_CER} -keystore ${TRUST_JKS} -sigalg SHA256withRSA -storepass ${STOREPASS} -noprompt

echo ""
echo "Done"
echo ""

To check the content of the keystore

keytool -v -list -keystore identity.jks

Next, Login to Weblogic Server Admin Console, go to Servers and select the managed server you want to update.

  1. Go to Configuration -> Keystore tab
  2. Click the Change button under Keystore Configuration and select Custom Identity and Custom Trust
  3. For the Custom Identity Keystore, enter the path to identity.jks file, next type in Keystore type: JKS
  4. Enter your Custom Identity Keystore Passphrase as the password
  5. For the Custom Trust Keystore: enter the path to trust.jks file
  6. Keystore Type: JKS. Click Save button
  7. Go to Configuration -> Keystore -> SSL tab
  8. Enter the server certificate key alias (in our example: zion), and the keystore password
  9. Click Save to apply the changes.

Finally go to Configuration -> General tab and enable managed server to be listening on SSL port. Save changes.

You need to reboot WebLogic managed servers for the changes to take effect.

Extra tip: You may like the following WLST script which will automate the WebLogic Server configuration part – WLS_configure_SSL


, , , , ,

Oracle Live SQL is live. Code SQL in a Web Browser

Oracle Live SQL is a free online tool to learn and code SQL & PL/SQL in Oracle Database. Learn and share SQL, for free.

source: oracle.com

Get instant access to the Oracle Database and learn from a collection of community scripts and structured tutorials. Save and share SQL sessions with others!

Oracle Live SQL

Oracle Live SQL exists to provide the Oracle database community with an easy online way to test and share SQL and PL/SQL application development concepts.

  • Browser based SQL worksheet access to an Oracle database schema
  • Ability to save and share SQL script
  • Schema browser to view and extend database objects
  • Interactive educational tutorials
  • Customized data access examples for PL/SQL, Java, PHP, C
  • Learn more by using Live SQL yourself. Login to OTN and get started.

Live SQL Content

SQL Queries, PL/SQL Procedures, Functions, Packages and more!

Browse the collection of SQL scripts and tutorials: View ALL

source: oracle.com

, , , , ,

How to enable Oracle Enterprise Manager Express 12c

Oracle Enterprise Manager Express is a Web-based interface for managing an Oracle database 12c. It enables users to perform basic administrative tasks such as managing users, managing database initialization parameters, memory or storage. You can also view performance and SQL Tuning Advisor information, check status information about your database and pluggable databases.

In Oracle Database 12c Release 1, the concept of multi-tenant environment has been introduced. The multi-tenant architecture enables an Oracle database to function as a multi-tenant container database (CDB) that includes zero, one, or many customer-created pluggable databases (PDBs).

A CDB includes the following components:

Root named CDB$ROOT, stores Oracle-supplied metadata and common users. An example of metadata is the source code for Oracle-supplied PL/SQL packages. A common user is a database user known in every container.

A PDB appears to users and applications as if it were a non-CDB. For example, a PDB can contain the data and code required to support a specific application (e.g., APEX).

Each of these components is called a container. Therefore, the root is a container, the seed is a container, and each PDB is a container.

In this tutorial we will show two different types of configurations of Enterprise Manager Express one for CDB and the second for PDBs only. Imagine yourself as a dba who has full access to non-CDB/CDB/PDB, OEM Express 12c will allow you to manage CDB and all PDB containers from one central console. On the other hand you would like to allow regular users to login to OEM Express 12c as well, but grant them access to their PDBs only.


Continue reading…

, , , , , ,

Installing Oracle Linux 7 for Oracle software deployments

This demo shows installation process of Oracle Linux 7 in virtual machine (VirtualBox) and basic OS configuration for further Oracle software deployments e.g., Oracle Databases, WebLogic Servers.


1. Download Oracle Linux ISO image from Oracle Software Delivery Cloud

Continue reading…

, ,

Shell script: Copy files from source to target directory

Simple shell script to search and copy files from one folder to another.

Pretty useful if there is a need to copy/move files from one folder to another (e.g., Dropbox) in case that running program cannot be configured to write output files to multiple locations. The existing files in the destination folder are skipped. However bear in mind that this script doesn’t cover currently opened files, or it will not transfer the files again if the size of the source file has changed – for such scenario it would be useful to run rsync utility.

#This script will search for files defined by SUFFIX_ARG in SPATH
#directory and copy them to DPATH directory
#The files that already exist in destination will be skipped

#Script Variables
ACTION_TIME=`date +"[%d-%m-%y %T]:"`
COPY_LOG=COPY-`date +"%d-%m-%y_%T"`.log

echo "${ACTION_TIME} Starting copy task" >> ${COPY_LOG}
find ${SPATH} -type f -name "${SUFFIX_ARG}" -print | while read path
   FN="${path##*/}" #extract the file name from the path
   ACTION_TIME=`date +"[%d-%m-%y %T]:"`
   if [ -e "${DPATH}/${FN}" ]   #if the destination file exists, skip it
      echo "${ACTION_TIME} Skipped: File ${DPATH}/${FN} already exist" >> ${COPY_LOG}
       echo "${ACTION_TIME} Trying to copy ${FN}" >> ${COPY_LOG}
	   cp "$path" "${DPATH}/${FN}" >> ${COPY_LOG}
	   ACTION_TIME=`date +"[%d-%m-%y %T]:"`
	   echo "${ACTION_TIME} Copy ${FN} to ${DPATH} Complete" >> ${COPY_LOG}

As an alternative we could use rsync utility in order to synchronize multiple folders in the system. This is useful when we run rsync and there are still opened files. Once the particular file has been written, next rsync run will also synchronize this file, regardless whether it exists in the target folder or not.

rsync -q -axr --delete --exclude "DIR1" --exclude "DIR2" --include "*/" --include="*.jpeg" --exclude "*" /home/user/source /home/user/target

What we do in rsync is the following:

-q, --quiet		suppress non-error messages
-a, --archive		archive mode
-x, --one-file-system	don't cross filesystem boundaries
-r, --recursive		recurse into directories
--delete		delete extraneous files from destination
--exclude=PATTERN	exclude files matching PATTERN
--include=PATTERN	don't exclude files matching PATTERN



Previous Posts

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.