Re: Anyone have a copy of DUL ??

[Mogens Nørgaard]

Bernard of Oracle Holland made DUL (Direct UnLoader) several years ago. 
I took the very last internals class conducted by Oracle Support EMEA 
Vice President Andre Bakker (the only VP to conduct internals classes, I 
think. I also think he quit Support in disgust some time later :-) ), 
and we talked about a severe case we had in Denmark at that time.

Basically, a  company that made technical specs (including drawings) for 
some very advanced, high-speed transportation things, had not taken a 
backup of their system tablespace for 18 months. Then the system01.dbf 
file did its own thing, and their database didn't really feel good.

Andre told me that he had a guy who was working on a tool that might be 
able to help us out. But it was in beta, etc., etc.

So I went back to Denmark, called Bernhard, and we agreed that he would 
fix the bugs as we encountered them.

I sent one of my guys - Christian Fabricius - online, and he was gone 
for three days, but got all the technical drawings out of the datafiles 
(Bernhard had to fix two or three things as we went along - a tribute to 
his coding skills). All that time, practially, Bernhard was online. 
Rock'n'roll.

We were very proud. First time in history. Blah blah blah. When my 
manager went to a meeting with the customer a week later we were all 
expecting joy and happiness and perhaps some gratefullness from the 
customer.

But no. He was furious. Why hadn't we told him that it was neccessary to 
take a backup of the system tablespace? Where in the documentation did 
it clearly state that that was required? It was all our fault.

And we didn't even charge them more than normal hourly rates.

I never tried the other suggestion Andre had (and which he had used many 
times himself): Create a dummy database that has the same datafiles as 
the problem database. Then take the file headers from the dummy database 
and patch on top of the real database. Then you can start up, since the 
information in the file headers match.

Andre was one cool guy. He's enjoying early retirement, he claims.

Mogens

Rachel Carmichael wrote:

Kevin Loney tells the story of making a call to the data center from
the CIO's office and asking them to make a copy of the backup tapes and
leave them at reception. since the call came from the CIO's office,
they made the copy
--- Pete Finnigan <[EMAIL PROTECTED]> wrote:
 

Hi Peter

Glad to hear that there are controls in Oracle for use of DUL, I was
thinking of a case where i heard that one guy rang up the backup
storage
company for a large company and requested a set of backup tapes be
left
at reception at the company and he just walked in off the street and
took them. Mitnik tells similar stories in his book.
Thanks for the internal Oracle insight Peter,

kind regards

Pete

In article <[EMAIL PROTECTED]>, Peter Gram
<[EMAIL PROTECTED]> writes
   

Hi Pete

I have used Dul many times at customer sites when I was employed by 
Oracle Denmark.

Every time the customer management had to verify by phone and fax
     

that 
   

they understood
the full impact of using Dul.
Oracle have disclaimer that explains the problems with missing 
transaction consistency of the
data saved by Dul and the security issues.

The customer has to sign and fax the disclaimer back to Oracle
     

before we 
   

came on site .-)

After I left Oracle several people ask me if would write a Dul and I
     

declined.

I'm of the opinion that Dul should stay behind the Oracle firewall.

/peter

Pete Finnigan wrote:

     

Hi Mark

I agree with you Mark, even if its supplied by Oracle technicians -
       

it
   

is as you say possible to by-pass security completely. Does anyone
       

in
   

Oracle check that the field support personnel dispatched to a site
       

( in
   

urgency ) are dumping data for the owner of it? - 

I covered the issue of DUL with regards to security is the SANS
       

Oracle
   

security step-by-step book - action 6.5.1

kind regards

Pete

In article <[EMAIL PROTECTED]>, Mark Leith
<[EMAIL PROTECTED]> writes
       

One problem I see with giving this away "free" is that you will be
         

supplying
   

a tool that allows you to extract data from the database,
         

bypassing all
   

inbuilt security. A BIG "no no". I suppose that also applies to
         

this kind of
   

tool even under a paid license structure.

  

         

--
Pete Finnigan
email:[EMAIL PROTECTED]
Web site: http://www.petefinnigan.com - Oracle security audit
specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org
for details.
--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Pete Finnigan
 INET: [EMAIL PROTECTED]
Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
   



__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
 

--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: =?ISO-8859-1?Q?Mogens_N=F8rgaard?=
 INET: [EMAIL PROTECTED]
Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).