
Comment by 2thumbsup

10 days ago

The fact alone that Oracle was hosting their login gateway on a product with a known vulnerability from 2021 with a CVSS score of 9.8 is quite disturbing.

We pay millions to Oracle. We hit a bug and it took 6 months for them to reproduce and acknowledge there is a bug. They now seem to be on the lookout for someone being able to produce a fix: sales and Indian after-sales can't do that... curious!

Oracle seems just a money-grabbing shell company at this point, and I suppose the whole hyperscaler cloud is developing towards that point, with the leaders of those corporations repeating exactly the same talking points...

  • Why are you still on Oracle? (genuine question, no snark)

    • Because of architectural decisions made a very long time ago (finance industry) and the potential risk of migrating to another platform.


    • As others have mentioned:

      - institutional inertia
      - some weird consultant-style people in key roles (this happens around cloudy stuff too)
      - the DBA team: "we can't move everything!"
      - "we just migrated off Solaris!"

      However, every new project with sane leadership seems to decide against Oracle.

Fun fact: Oracle has like 6+ LDAP/directory products, OAM is just one. There's ODS, OIM, OID, OUD, OVD, NIS leftovers from Sun, and probably more honestly.

  • OAM and OIM aren’t “LDAP/directory products” per se.

    OAM is an access management product, used to implement stuff like SSO (single sign-on). So, for example, it comes with a module you can install in Apache which will intercept HTTP requests and redirect them to OAM's login page, which may potentially talk to an LDAP to authenticate you. Or you can do stuff like define some URL patterns in an app as sensitive so they require a more secure authentication mechanism (such as 2FA or smart card), and other URL patterns as less sensitive so password-only login is sufficient.

    OIM is basically about provisioning accounts from a source system into target systems. Those systems could be LDAPs from various vendors, but can also be HR systems (Oracle's various offerings and SAP too), IBM mainframes (RACF, TopSecret, ACF2), Unix/Linux hosts, database tables, custom apps… It also lets you do things like set up workflows to approve system access requests; you can configure it to require reapproval of high-risk access requests by management every X months or else they get revoked (used for Sarbanes-Oxley compliance), etc.

    Source: I used to work for Oracle Engineering, in a team which handled escalations for these products, especially OIM, but I stuck my fingers in most of them. When I left (back in 2017, so a while ago now) they were putting a lot of effort into their cloud offering (IDCS, more recently replaced by OCI IAM), but I'm sure the on-premise offerings are going to stick around for a long time, especially because they have some customers (e.g. in the national security space) for which cloud is unlikely to be a viable solution any time soon.

  • And you can't just use your AD, you have to install OID and have it synchronized.

    It just makes me mad.