Lab128 - Security Disclosure.
We believe that every vendor should disclose the security characteristics of its application so that users can understand the risk involved in using it. This is particularly important in security-sensitive environments, which is where databases are often found.
First, make sure that the Lab128 binary (lab128.exe) has not been tampered with. Because this file is digitally signed, its integrity is easy to check with the signature verification built into MS Windows. Right-click the file in Windows Explorer, select Properties, then switch to Digital Signatures. You should see 128 Consulting in the "Name of Signer" column. See File integrity and Digital code signing for more details.
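The same check can be scripted, which is useful when lab128.exe is deployed to several workstations. The PowerShell below is an added example, not code from 128 Consulting. It assumes that -Path is the location of your installed copy and that Explorer's "Name of Signer" corresponds to the certificate's simple name.

```powershell
# Added example, not vendor code: scripted form of the Explorer check above.
param(
    # Assumption: full path to your installed copy of lab128.exe.
    [Parameter(Mandatory = $true)][string]$Path,
    # Signer name this page says to expect in the "Name of Signer" column.
    [string]$ExpectedSigner = '128 Consulting'
)

if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
    throw "File not found: $Path"
}

$sig      = Get-AuthenticodeSignature -LiteralPath $Path
$problems = @()

# 'Valid' requires both an intact file hash and a certificate chain that
# Windows trusts. HashMismatch = file changed after signing; NotSigned =
# signature absent or stripped; NotTrusted = chain does not reach a trusted root.
if ($sig.Status -ne 'Valid') {
    $problems += "Signature status is $($sig.Status): $($sig.StatusMessage)"
}

$signer = $null
if ($null -eq $sig.SignerCertificate) {
    $problems += 'No signer certificate is attached to the file.'
} else {
    # Assumption: the simple name is what Explorer lists as "Name of Signer".
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signer   = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    # Exact, case-sensitive match: a substring test would accept look-alike names.
    if ($signer -cne $ExpectedSigner) {
        $problems += "Signer is '$signer', expected '$ExpectedSigner'."
    }
}

# Emit one record suitable for logging or for comparing across machines.
[pscustomobject]@{
    Path       = (Resolve-Path -LiteralPath $Path).Path
    Status     = [string]$sig.Status
    Signer     = $signer
    Thumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
    SHA256     = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    Verified   = ($problems.Count -eq 0)
    Problems   = $problems -join ' '
}

if ($problems.Count -gt 0) { exit 1 }
```

A matching signer name means nothing unless Status is also Valid, which is why both conditions feed the Verified field.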
Below is a list of what Lab128 does and doesn't do.
As a Windows application, Lab128:
- Doesn't require administrator privilege to run;
- Uses normal (default) scheduling priority from start to end;
- Uses an amount of memory (RAM) that depends on the number of monitored instances and the length of the history;
- Doesn't modify Windows Registry;
- Doesn't read/write from/to any directory other than Lab128's working directory designated during setup (unless explicitly allowed by the user);
As an Oracle Database application, Lab128:
- Establishes up to two connections to the monitored Oracle instance using the Oracle Call Interface (OCI) libraries. OCI is a part of the Oracle client software;
- The connections are used to collect performance and configuration data for the sole purpose of performance troubleshooting and monitoring;
- Collected data is stored in memory and optionally mirrored to disk so that the application's state can be recovered after a restart or crash. The user can optionally configure Lab128 to store collected data in files for later analysis;
- Uses SELECT queries (read-only) to collect performance and troubleshooting data;
- Never executes INSERT / UPDATE / DELETE queries or calls PL/SQL packages that can modify data in the database, unless explicitly directed by the user;
- As a result of the previous statement, Lab128 doesn't store any objects or data in the databases;
- Lab128 is optimized to have the smallest possible impact on the measured instance in terms of network traffic, CPU usage, and other database resources while still collecting performance data. Lab128 is able to slow down the collection rate if the response time from the measured database increases;
As a Secure Shell (SSH) client:
- Lab128 will only use SSH to connect to the host when directed by the user;
- The SSH client implementation uses the MS Windows CryptGenRandom function as its random number generator, which provides cryptographically strong session keys;
- The SSH connection is used for OS-level performance data collection. Currently the connection is hardcoded to execute the 'top' command. The SFTP channel of the SSH session is used for reading Oracle alert and trace files. All files are accessed read-only; Lab128 does not write any files or execute other OS commands unless the user explicitly directs it to do so;
As a network application, Lab128:
- Doesn't attempt to initiate or accept connections other than those described above;
- For the user's convenience, Lab128 stores connection attributes in the lab128.ini file if the user requests it. At the user's discretion, these attributes can include passwords. All these attributes are stored in encrypted form, although it is technically feasible to reverse engineer the encryption and recover the passwords, which may pose a security threat. For this reason, storing passwords with saved connections is not recommended. It is recommended to use accounts with limited privileges;
- Lab128 can be configured to store collected performance data in files. These files also store the text of the most expensive SQL statements and the mappings of Object ID to Object Name and User ID to User Name. This information is necessary for presenting performance data. Although this information is stored in compressed form, it is not encrypted. This can potentially pose a security risk; therefore the user may need to adjust access to the directories that store these files.