Oracle SES May Not Be
April 17, 2008
Security Pro News pointed to a notice in the Oracle Security Web log on April 16, 2008. The database giant has released an update that addresses more than a dozen security issues. You can read the details on the Oracle Web site.
If you are an Oracle Secure Enterprise Search licensee with an Oracle database back end, you will want to make certain you have the appropriate updates. Oracle details of the patch and download links may be accessed from the Oracle Technology Network.
Beyond Search recommends that you navigate to the Oracle site. Make sure your Secure Enterprise Search installation is “secure”. The key differentiator for this search and content processing system is its security engineering. As I noted in the first three editions of the Enterprise Search Report, search systems present a number of access and control issues. Oracle was one of the first companies to pivot a value proposition on security. Oracle’s approach requires some additional administrative effort and, in some cases, the licensing of additional Oracle components.
In the 1980s, Verity implemented a clever ticket system. Although largely forgotten, the Verity approach offered some technical advantages over the Oracle approach. But compared to the security measures taken by some vendors, Oracle’s approach is solid. Glitches are annoying. Update today.
Stephen Arnold, April 17, 2008