Access to Network Services in Oracle Database - Oracle DBA

What is a listener?
Listener is a process that resides on the Oracle server whose responsibility is to listen for incoming client connection requests and manage the traffic to the server.

- By default, the listener name is (amazingly enough) “listener” (but you can call it anything you like). It listens for connection requests on a particular port (the default port number in 8.0 and above is 1521, but once again, you can set this to any valid port number if you wish). A client knows where to contact the listener (the machine it’s running on, and the port it’s listening on) because a local configuration file, called “tnsnames.ora”, gives it the necessary information. More advanced configurations can dispense with the tnsnames.ora (for example, you can opt to install a “names server”, which does the same job of telling the client where to find the listener).

- Upon receiving a connection request from a client, the listener can do one of two things. Either it will spawn a new server process, and redirect the client to talk directly to that server process… at which point, the listener drops out of the picture altogether, and continues to listen for connection requests from other clients. This is known as ‘bequeathing’ the server process to the client, in the sense of ‘making a gift’ –and the client is then said to have a bequeath session.

- Or it will inform the client of the network address of a server process which has already been created when the instance was started (a “pre-spawned server process), and the client is then able to make direct contact with that server process. Note again, however, that once the connection is established between the client and the server process, the listener simply continues to listen for new connection requests. This is known as ‘redirecting’ the client to the server process, and hence the client is said to have a redirect session. The only real difference between bequeath and redirect sessions is that, in theory, it takes longer to set up a bequeath session (the server process has to be created from scratch, for a start). However, the drawback with redirect sessions is that you have to pre-spawn a bunch of server process and hope that enough clients want to connect to make them useful… overdo it, and you just have a lot of processes chewing up memory and CPU cycles for no particular reason.

- Whatever type of session you end up with, though, it’s important to realise that the Listener is merely instrumental in establishing the connection; once established, the listener plays no further part in client-server communications. It is, therefore, possible to kill a listener, and no existing user would be any the wiser.

- The above description applies only to dedicated server configurations, where each user is connected directly to one server process that does nothing but service that user’s requests. It is also possible, however, to configure Oracle in what is known as multi-threaded server configuration (now known in 9i, more accurately, as “shared server configuration”). The only real difference this makes to the listener is that, upon receiving a client connection request, the listener redirects the connection to a dispatcher process, several of which are pre-spawned at instance startup. Yet again, however, once the client connection is established, the listener plays no further role in the communications process and continues to listen for new requests

- A single listener process can listen out for client connection requests on a variety of different networking protocols (such as tcp/ip, ipx/spx, Appletalk and so on). A single listener can also listen out on multiple ports for a single protocol (for example, port 1521 for tcp/ipan d port 1526 for tcp/ip) –but there are additional configuration issues when you use anything other than the default port of 1521 for tcp/ip connections (the short story is that local_listener must be set in the init.ora of the instance using the non- default port address).

Cyber Security Interview Questions

Q: What is cybersecurity?
Cyber securities are defined as a group of processes, technologies and practices which are designed in a special way to protect computers, networks, access which are unauthorized and many more.

Q: What do you mean by Cross Site Scripting?
Cross Site Scripting generally tends to refer to an injected attack which is from the side of the client code, where, the one who is attacking has all the authorities in executive scripts which are malicious into an application of web or a website which is legitimate. Such kinds of attack are generally seen where the web application is making use of the non-encoded or non-validated inputs of the users inside the range of the output which is generated.

Q: What does Cyber security work for in a specific organization?
There are mainly three major reasons for which cyber security works: 
1. Confidentiality: Whenever information is transmitted from one place to another, a certain level of secrecy is maintained, which is known as confidentiality.
2. Integrity: This means that whenever there is a need for change in any document stored beforehand or new, it can only be done by an authorised person with proper and secure mechanism. 
3. Availability: Everything that is important should be readily available to the authorized people otherwise there will be no use of such information that is not available. 

 Q: What can you defend yourself from Cross Site Scripting attack?
Like any other injection attack, Cross Site Scripting attack can also be prevented by the use of the proper available sanitizers. Web developers have to have an eye on the gateways through which they receive information and these are the gateways which must be made as a barrier for malicious files. There are software or applications available for doing this, like the XSS Me for Firefox and domsnitch for Google Chrome. Also, the default web application firewall formula, popularly known as ModSecurity Plus will also do the job quite satisfactorily. 

Q: What do you mean by a Botnet?
A botnet is basically known to be a network or a group of computers which are affected by malware and are being constantly monitored by a server which throws the commands. The one is in control of the botnet can impact some serious damage through all those linked computers affected with malware.

Q: Strike the difference between vulnerability, a risk and a threat? 
These three terms are interlinked but they are very different from each other: 
1. Vulnerability: If your security program has a breach or weakness then different threats can further exploit the program and thus hack into your system to access data that is stored securely. 
2. Risk: If your system is not secure enough and has the chances of getting damaged or destruction along with loss of data when a threat exploits the vulnerability, it’s under huge risk. 
3. Threat: Something that is necessary for exploiting the vulnerability either knowingly or by accident in order to damage or destroy personal and official data. 

Q: How can the two factor authentication be implemented for the public facing websites?
The two factor authentication or shortly abbreviated as 2FA acts as another or an extra seal on your already protected account with a password. This two factor authentication can be implemented on public-facing websites like Microsoft, Twitter, Apple, Google and LinkedIn. For enabling such services, one can easily go to settings and then to manage security settings. Here, you will find the option of enabling two factor authentications.

Q: Being a professional, what is more important Threats or Vulnerabilities? 
]Despite the advancements in the security systems with the years, the threats and vulnerabilities have only increased with each passing day. Assessing threats is still not under the control of any high-tech security team. Although, a threat rises from vulnerability, so if we have proper control over them, we can still try and control threats. Secondly, the type of threats remains same but the vulnerabilities are what keep on changing. Thus we need to focus on building something that has a proper defence mechanism and also can track down new vulnerabilities. 

For more information visit Mindmajix

Oracle Data Guard Interview Questions

If you're looking for Oracle Data Guard Interview Questions for Experienced or Freshers, you are at right place. There are lot of opportunities from many reputed companies in the world. According to research Oracle Data Guard has a market share of about 0.1%. So, You still have opportunity to move ahead in your career in Oracle Development. Mindmajix offers Advanced Oracle Data Guard Interview Questions 2018 that helps you in cracking your interview & acquire dream career as Data Management Specialist.

Q) Why do you think using Data Guard by Oracle is helpful to our work?
The benefits of using the software are many in any environment dealing with data. It ensures that the data stays protected and easily available. You get to take the load off from backups to standby operations database. The problems like gaps in the standby database are automatically detected and resolved. The guard broker allows automated role transition.

Q) Name the three top services offered by the Data Guard software?
The three top services offered by the software are:

1. Redoing the transport service
2. Applying of log service
3. Role transitional services

Q) Name the three protection modes available in the software.
The three protection modes that are available include maximum availability, protection and performance.

Q) What is the default protection mode of the software?
The default mode in the software Data Guard is Maximum performance.

Q) What are advantages offered by Maximum Performance protection mode?
The main advantage of this default mode is that the performance of the primary data is not affected while the highest possible level of protection for the data is ensured. The transactions begin to commit as soon as the redone data produced by the transactions get written on to the online log.

Q) What are the benefits of maximum protection mode?
This protection mode comes to the rescue when the primary database fails. The primary database shuts down and stops processing the transaction when this protection mode is enabled. So with this protection mode, you can be assured that there will be no data loss.

Q) How is the maximum protection mode enabled?
The redone data must get written in two places before committing the transaction- the online log and a standby database. This way the primary database can shut down but the data remains intact.

Q) What are the advantages of maximum availability protection mode?
The biggest advantage with one is that the availability of the primary database is uncompromised but the maximum possible level of protection is offered to the data. The transactions with this protection mode only commits when all the redone data needed to recover the transactions get written to a standby database and the online log.

Q) How is the protection mode changed?
The steps for changing the protection mode are as follows:

1. Go to the alter database option.
2. Set the standby database.
3. Select from the three available options of performance, availability and protection

Q) What is the number of standby databases that can be created?
It depends on what version of the software that is at your disposal. The general number ranges from nine to thirty standby databases.

Q) How would you create a physical Standby in this software?
The following easy steps can create a physical standby in the software:

• Enabling of the forced logging
• Creating of a password file
• Configuration of a standby redone log
• The archiving is enabled
• Setting up of the parameters for initialization of the primary database
• Configure the needful settings that support database of both the nodes.

Q) Mention the chief advantages of using Physical database standby in the software.
There is fourfold advantage to using the physical database standby.

1. The higher availability quotient
2. The high capability of balancing the load including both reporting as well as backup.
3. Protecting the data
4. Recovery of data is case of disasters

For more information visit Mindmajix 

Oracle DBA Tutorial

This tutorial gives you an overview and talks about the fundamentals of Oracle DBA.

ORACLE DATABASE 12C ARCHITECTURE

This section highlights the concepts and a general overview of the players that deliver this proprietary database management system. These players fall into three main categories:

Shared memory a section of the host server’s memory through which all the data passes and the applications’ code is stored and executed

System support infrastructure a mix of background and foreground processes that perform the tasks required to facilitate the application interaction with the 12c database

Operating system files a suite of no less than ten files that play individual roles as the database runs.

The next three sections address these players and provide a bird’s-eye view of what they do.

SHARED MEMORY

Shared memory is nothing more than a newfangled name for what was and is sometimes still referred to as RAM—random access memory. As the 12c database is started, a handful of entries in its system parameter file contribute to the size of memory allocated to the instance. Many adopters of the Oracle technology use the words “database” and “instance” synonymously. There is a fundamental difference between the two.

* A database is an assortment of files that store data plus a handful of worker files that facilitate application access.
* An instance is a segment of shared memory and support processes that provide the capability for applications to work with the data stored in the database. Once the instance is started, the following areas of shared memory play a role in database management activities:
* The system global area, or SGA, contains data and control information from a single database instance.

The program global area, or PGA, is part of the memory allocated to a 12c instance as it is started. Unlike the memory in the SGA, PGA memory is not shared. It contains data and control information specific to server processes, not the instance as a whole.

*The user global area, or UGA, is memory associated with each user session.
*Even though it is allocated from PGA memory, the UGA is discussed as one of the four main memory components.
*Software code areas are where SQL code is prepared for execution and sits in memory until used.
*It would be impossible to get into the details of each of these components; as you encounter the memory structures that  support a running Oracle instance, the terminology will not be brand new. Below Figure is a graphical representation of the  bullet points just discussed with minimal drill-down.

For more information visit Mindmajix

Enabling ASP.NET Debugging - A Step by Step guide

Well Said, you have furnished the right information that will be useful to anyone at all time. Thanks for sharing your Ideas.

Mindmajix Openstack 

Oracle RAC Interview Questions

Q1) What is cache fusion?

In a RAC environment, it is the combining of data blocks, which are shipped across the interconnect from remote database caches (SGA) to the local node, in order to fulfill the requirements for a transaction (DML, Query of Data Dictionary).

Q2) What is split brain?

When database nodes in a cluster are unable to communicate with each other, they may continue to process and modify the data blocks independently. If the
same block is modified by more than one instance, synchronization/locking of the data blocks does not take place and blocks may be overwritten by others in the cluster. This state is called split brain.

Q3) What is the difference between Crash recovery and Instance recovery?

When an instance crashes in a single node database on startup a crash recovery takes place. In a RAC enviornment the same recovery for an instance is performed by the surviving nodes called Instance recovery.

Q4) What is the interconnect used for?

It is a private network which is used to ship data blocks from one instance to another for cache fusion. The physical data blocks as well as data dictionary blocks are shared across this interconnect.

Q5) How do you determine what protocol is being used for Interconnect traffic?

One of the ways is to look at the database alert log for the time period when the database was started up.

Q6) What methods are available to keep the time synchronized on all nodes in the cluster?

Either the Network Time Protocol(NTP) can be configured or in 11gr2, Cluster Time Synchronization Service (CTSS) can be used.

Q7) What files components in RAC must reside on shared storage?

Spfiles, ControlFiles, Datafiles and Redolog files should be created on shared storage.
For more information visit Mindmajix

Selenium Tutorial

This tutorial gives you an overview and talks about the fundamentals of Selenium.

SELENIUM INTRODUCTION

What is Automation Testing?

>>Test automation has grown in popularity over the years because teams do not have the time or money to invest in large test teams to make sure that applications work as they are expected to. Developers also want to make sure that the code they have created works as they expect it to.
>>Developers use a multitude of different testing frameworks to test different aspects of the system. Selenium is one of the most well?known testing frameworks in the world that is in use. It is an open source project that allows testers and developers alike to develop functional tests to drive the browser. It can be used to record workflows so that developers can prevent future regressions of code. Selenium can work on any browser that supports JavaScript since Selenium has been built using JavaScript.

>>Software applications today are written as web?based applications to be run in an Internet browser. The effectiveness of testing these applications varies widely among companies and organizations. In an era of highly interactive and responsive software processes where many organizations are using some form of Agile methodology, test automation is frequently becoming a requirement for software projects. Test automation is often the answer. Test automation means using a software tool to run repeatable tests against the application to be tested. For regression testing this provides that responsiveness.

What is the use of Automation Testing?

There are many advantages to test automation.
Most are related to the repeatability of the tests and the speed at which the tests can be executed.
There are a number of commercial and open source tools available for assisting with the development of test automation.
Selenium is possibly the most widely?used open source solution.
Frequent regression testing
Rapid feedback to developers
Virtually unlimited iterations of test case execution
Support for Agile and extreme development methodologies
Disciplined documentation of test cases
Customized defect reporting
Finding defects missed by manual testing

What we need to Automate?

It is not always advantageous to automate test cases. There are times when manual testing may be more appropriate. For instance, if the application’s user interface will change considerably in the near future, then any automation might need to be rewritten anyway.

When Automation is not Recommended?

Sometimes there simply is not enough time to build test automation.
For the short term, manual testing may be more effective.
If an application has a very tight deadline, there is currently no test automation available, and it’s imperative that the testing get done within that time frame, then manual testing is the best solution. 

WHAT IS SELENIUM?

The Selenium IDE (Integrated Development Environment) is an open source record-and-playback tool for generating Selenium scripts, which is integrated with the Firefox web browser as an extension. It is a renovmed web-based UI test automation tool that extracts any kind of locator from the web page. The locators can be either attribute-based or structure-based, and include ID, name, link, XPath, CBS, and DOM. The IDE has the entire Selenium Core, which allows the users to record, playback, edit, and debug tests manually in a browser. The user actions in the web page can be recorded and exported in any of the most popular languages, such as Java, C++, Ruby, and Python.
Selenium Builder is an alternative open source tool for the Selenium IDE to record and playback web applications. It is an extension of the Firefox web browser, which is similar to the Selenium IDE, but, it has some unique features that the Selenium IDE doesn’t support. Selenium Builder is a standard tool from Sauce labs that runs tests on Sauce Cloud from the Selenium Bader interface itself.

For more information visit mindmajix