Which has the higher priority in your organization: Deploying a new database or securing the ones you already have?
Looking for a website, and resources, dedicated solely to securing Oracle databases? Check out DBSecWorx.
Purpose
Real Application Security
AUTHID
CURRENT_USER
Constants
Name
Data Type
Value
COMMON_WORKSPACE
VARCHAR2(6)
'XS'
SCHEMA_ACL
VARCHAR2(13)
'XS$SCHEMA_ACL'
XSCONNECT
VARCHAR2(9)
'XSCONNECT'
STRING_MAXLEN
PLS_INTEGER
4000
NON_EMPTY_STRING_MINLEN
PLS_INTEGER
1
STRING_MINLEN
PLS_INTEGER
0
XSNAME_MINLEN
PLS_INTEGER
1
XSNAME_MAXLEN
PLS_INTEGER
130
PARAMNAME_MINLEN
PLS_INTEGER
1
PARAMNAME_MAXLEN
PLS_INTEGER
128
XSQNAME_MINLEN
PLS_INTEGER
1
XSQNAME_MAXLEN
PLS_INTEGER
261
EXTERNAL_NAME_MINLEN
PLS_INTEGER
1
EXTERNAL_NAME_MAXLEN
PLS_INTEGER
130
WORKSPACE_MINLEN
PLS_INTEGER
1
WORKSPACE_MAXLEN
PLS_INTEGER
128
DBNAME_MINLEN
PLS_INTEGER
1
DBNAME_MAXLEN
PLS_INTEGER
130
OBJTYPE_PRINCIPAL
PLS_INTEGER
1
OBJTYPE_SECURITY_CLASS
PLS_INTEGER
2
OBJTYPE_ACL
PLS_INTEGER
3
OBJTYPE_PRIVILEGE
PLS_INTEGER
4
OBJTYPE_DATA_SECURITY
PLS_INTEGER
5
OBJTYPE_ROLESET
PLS_INTEGER
6
OBJTYPE_NSTEMPL
PLS_INTEGER
7
OBJTYPE_SYSOP
PLS_INTEGER
101
OBJTYPE_ADMOP
PLS_INTEGER
102
OBJTYPE_APPLY_POLICY
PLS_INTEGER
103
OBJTYPE_GRANTOP
PLS_INTEGER
104
OBJTYPE_REVOKEOP
PLS_INTEGER
105
OBJTYPE_SET_POLICY
PLS_INTEGER
106
Delete Options
DEFAULT_OPTION
PLS_INTEGER
1
CASCADE_OPTION
PLS_INTEGER
2
ALLOW_INCONSISTENCIES_OPTION
PLS_INTEGER
3
Specify if an object exists in the base table or not
Returns an exception if the test string's length is not between the min and max boundaries
xs_admin_util.check_length(
str IN VARCHAR2,
min_length IN PLS_INTEGER,
max_length IN PLS_INTEGER);
exec xs_admin_util.check_length('TEST', 1, 10);
PL/SQL procedure successfully completed.
exec xs_admin_util.check_length('TEST', 7, 10);
BEGIN xs_admin_util.check_length('TEST', 7, 10); END;
*
ERROR at line 1:
ORA-46076: The specified name length not within valid range.
ORA-06512: at "SYS.XS_ADMIN_UTIL", line 70
ORA-06512: at "SYS.XS_ADMIN_UTIL", line 54
ORA-06512: at line 1
xs_admin_util.grant_system_privilege(
priv_name IN VARCHAR2,
user_name IN VARCHAR2,
user_type IN PLS_INTEGER := xs_admin_util.ptype_db,
schema IN VARCHAR2 := NULL);
PRAGMA SUPPLEMENTAL_LOG_DATA(grant_system_privilege, AUTO);
xs_admin_util.raise_error(
error_number IN PLS_INTEGER,
error_str1 IN VARCHAR2 DEFAULT NULL,
error_str2 IN VARCHAR2 DEFAULT NULL,
keep_stack IN BOOLEAN DEFAULT TRUE);
exec xs_admin_util.raise_error(-600, 'Just What We Need');
BEGIN xs_admin_util.raise_error(-600, 'Just What We Need'); END;
*
ERROR at line 1:
ORA-46095: Invalid error code supplied
ORA-06512: at "SYS.XS_ADMIN_UTIL", line 70
ORA-06512: at line 1
SQL> exec xs_admin_util.raise_error(46084, 'Just What We Need');
BEGIN xs_admin_util.raise_error(46084, 'Just What We Need'); END;
*
ERROR at line 1:
ORA-46084: cannot update or delete system-seeded XS objects.
ORA-06512: at "SYS.XS_ADMIN_UTIL", line 70
ORA-06512: at line 1
xs_admin_util.revoke_system_privilege(
priv_name IN VARCHAR2,
user_name IN VARCHAR2,
user_type IN PLS_INTEGER := xs_admin_util.ptype_db,
schema IN VARCHAR2 := NULL);
PRAGMA SUPPLEMENTAL_LOG_DATA(revoke_system_privilege, AUTO);
xs_admin_util.validate_db_object_name(
input_name IN VARCHAR2,
object_name OUT VARCHAR2,
error_msg IN VARCHAR2 DEFAULT NULL);
DECLARE
outVal VARCHAR2(30);
BEGIN
xs_admin_util.validate_db_object_name('N0n Sense', outVal, 'ReadTheDocs');
dbms_output.put_line(outVal);
END;
/
DECLARE
*
ERROR at line 1:
ORA-28104: input value for ReadTheDocs is not valid
ORA-06512: at "SYS.XS_ADMIN_UTIL", line 163
ORA-06512: at line 4
DECLARE
outVal VARCHAR2(30);
BEGIN
xs_admin_util.validate_db_object_name('N0nSense', outVal);
dbms_output.put_line(outVal);
END;
/
N0NSENSE
xs_admin_util.validate_db_user(
input_name IN VARCHAR2,
error_msg IN VARCHAR2 DEFAULT NULL);
exec xs_admin_util.validate_db_user('N0nSense', 'Bad Choice')
BEGIN xs_admin_util.validate_db_user('N0nSense', 'Bad Choice'); END;
*
ERROR at line 1:
ORA-28104: input value for Bad Choice is not valid
ORA-06512: at "SYS.XS_ADMIN_UTIL", line 185
ORA-06512: at line 1