www.oradev.com   for Oracle developers
How to Secure your webserver with pl/sql toolkit

1. Protect your ports

- You need a firewall that denies traffic on ports that are not being used.

To test this, you can use a port scanner. Try one of these:
Linux: Nmap stealth port scanner
Windows: Necrosoft NSCAN

2. Protect insecure packages

There are some very insecure packages in the pl/sql toolkit.
You need to revoke the rights on these packages from the public users. Otherwise users from the internet can easily get information from your database.
To check this, append each of the following requests to the end of your "http" path.
If one of these requests returns a result, you should revoke some rights!

Protect execution of DDL

dbms_utility.EXEC_DDL_STATEMENT?PARSE_STRING=create procedure test as begin null; end;

Protect query on your database

owa_util.cellsprint?p_thequery=select%20*%20from%20user_role_privs

Protect viewing of source

owa_util.showsource?cname=wwv_home.main
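
Checking and revoking the grants from the database side, as an added example that is not part of the original article. It assumes an account that can read DBA_TAB_PRIVS and DBA_OBJECTS; APP_OWNER is a hypothetical schema name standing in for code that legitimately needs OWA_UTIL.

```sql
-- Added example: audit the packages used in the three test requests above.
-- Run as a DBA (needs SELECT on DBA_TAB_PRIVS and DBA_OBJECTS).

-- 1. Who granted EXECUTE on these packages to PUBLIC?
SELECT owner,
       table_name AS package_name,
       privilege,
       grantor
FROM   dba_tab_privs
WHERE  grantee    = 'PUBLIC'
AND    privilege  = 'EXECUTE'
AND    table_name IN ('DBMS_UTILITY', 'OWA_UTIL')
ORDER  BY owner, table_name;

-- 2. Generate the matching REVOKE statements. Review the output
--    before running it; nothing is revoked by this query itself.
SELECT 'REVOKE EXECUTE ON ' || owner || '.' || table_name
       || ' FROM PUBLIC;' AS revoke_stmt
FROM   dba_tab_privs
WHERE  grantee    = 'PUBLIC'
AND    privilege  = 'EXECUTE'
AND    table_name IN ('DBMS_UTILITY', 'OWA_UTIL')
ORDER  BY owner, table_name;

-- 3. After revoking, grant the package back only to schemas whose own
--    code calls it. APP_OWNER is a hypothetical schema name, and SYS is
--    assumed as the owner; use the OWNER value returned by query 1.
GRANT EXECUTE ON sys.owa_util TO app_owner;

-- 4. Revoking from PUBLIC can invalidate objects that relied on the
--    public grant. List them so they can be recompiled or regranted.
SELECT owner, object_name, object_type
FROM   dba_objects
WHERE  status = 'INVALID'
ORDER  BY owner, object_name;

-- 5. Re-run query 1. It should return no rows, and the three test
--    requests from the article should no longer return a result.
```

Grants made directly to the database user that the web gateway connects as, or to a role that user holds, are not covered by the PUBLIC check and need the same review.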