SQL Injection For Fun and (Oracle's) Profit
I can just imagine a carefully crafted SQL injection query to invoke the INMEMORY feature, and costing the company a shed-load of money.
After much back-and-forth on blogs, Twitter, and online forums, Oracle has admitted that there is a bug that can cause its new in-memory database option to be reported as being in use when it's not, although the actual risk it poses remains unclear. As reported by The Register last week, database pro Kevin Closson was the …
No doubt that Oracle might try to charge an unknowing customer for a false positive, much in the same way that MANY customers have probably been changed for spatial, even when they only use some locator functionality (hello ESRI customers). Many of their "detection" routines simply looked to see if there was an MDSYS schema, or there were any SDO_GEOMETRY objects in tables - both which are included with locator (all editions). So much so I wrote a complex function to go through every object in the database and log if it belonged to spatial, or just locator based on their complex definition in the appendix of which is which.
That they price this new option the same per processor as the base "enterprise edition" (much like a stripped down car with no performance options) is nuts, IMHO. Want in-memory - pay up. Want to partition your tables - pay up. Want to actively compress data in tables - pay up. Etc, etc. Honestly Oracle, want to increase sales and make your support users happy? Double the EE cost but throw in the works. Then us DBAs can really have a toolbox to tune for performance.
Actually there were many such cases in the past, in which oracle feature usage view was just showing BS - like features considered to be parts of tuning pack were logged on as used in this view as a result of running oracle automatic maintenance jobs, that no one even had to be aware of. I think I also remember a case when installing sample schemas made partitioning option shown as used etc. But this doesn't mean they are going to make you pay for that - ok, it is possible that someone could use it to cheat on unaware customer but I was being audited by oracle twice, and each such situation when feature usage differed from license we had was checked separately and in details. I don't think there's company in the world who would accept result of such audit without carefully checking. In all my cases none of such nonsense made us pay a single cent, of course there were situations where people really activated separately licensed modules, usually tuning pack, without knowing what they do - but that wasn't really "by accident", they wanted to use feature that oracle advertised but didn't know it means paying and oracle was so nice that let them do that without asking. Which shouldn't be possible if this company would treat customers as customers, not hostages. But that's separate story.