www.oradev.com

How to Secure your webserver with pl/sql toolkit

1. Protect your ports

- You need a firewall that denies traffic on ports that are not being used.

To test this, you can use a port scanner. Try one of these:
Linux: Nmap stealth port scanner
Windows: Necrosoft NSCAN

2. Protect insecure packages

There are some very insecure packages in the pl/sql toolkit.
You need to revoke the rights on these packages from the public users. Otherwise, users from the internet can easily get information from your database.
To check this, append each of the following strings to the end of your "http"-path.
If one of these statements gives a result, you should revoke some rights!

Protect execution of DDL

dbms_utility.EXEC_DDL_STATEMENT?PARSE_STRING=create procedure test as begin null; end;

Protect query on your database

owa_util.cellsprint?p_thequery=select%20*%20from%20user_role_privs

Protect viewing of source

owa_util.showsource?cname=wwv_home.main
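
To find the grants behind a positive result in section 2, the following added example (not part of the original page) lists every grantee with EXECUTE on the two packages named above and prints the matching REVOKE statements without running them. It assumes SQL*Plus, a DBA account with access to the standard DBA_TAB_PRIVS dictionary view, and that the packages keep their default names.

```sql
-- Added example: audit EXECUTE grants on the packages tested in section 2.
-- Assumption: run as a DBA in SQL*Plus; nothing is revoked by this script.
SET SERVEROUTPUT ON

BEGIN
  FOR g IN (
    SELECT owner, table_name, grantee
      FROM dba_tab_privs
     WHERE privilege = 'EXECUTE'
       AND table_name IN ('DBMS_UTILITY', 'OWA_UTIL')
     ORDER BY table_name, grantee
  ) LOOP
    -- Print the statement for review instead of executing it.
    DBMS_OUTPUT.PUT_LINE(
      'REVOKE EXECUTE ON ' || g.owner || '.' || g.table_name ||
      ' FROM ' || g.grantee || ';');
  END LOOP;
END;
/
```

Review the printed statements before running any of them: revoking EXECUTE from PUBLIC on a SYS-owned package can invalidate other objects that rely on that grant. After revoking, repeat the three checks above to confirm they no longer give a result.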