How to secure your webserver with pl/sql toolkit
  OraDev.com
1. Protect your ports
- You need a firewall that denies traffic on ports that are not being used.
To test this, you can use a port scanner. Try one of these:
Linux: Nmap stealth port scanner
Windows: Necrosoft NSCAN
2. Protect insecure packages
There are some very insecure packages in the pl/sql toolkit.
You need to revoke the rights on these packages from the public users. Otherwise users from the internet can easily get information from your database.
To check this, append each of the following requests to the end of your "http"-path.
If one of these statements gives a result, you should revoke some rights!
Protect execution of DDL
dbms_utility.EXEC_DDL_STATEMENT?PARSE_STRING=create procedure test as begin null; end;
Protect query on your database
owa_util.cellsprint?p_thequery=select%20*%20from%20user_role_privs
Protect viewing of source
owa_util.showsource?cname=wwv_home.main
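Added example (not part of the original page): one way to audit and revoke the PUBLIC execute rights on the two packages tested above, run as a DBA. The owner SYS and the schema name APP_OWNER are assumptions; use the owner reported by step 1 and your own application schema.

```sql
-- Step 1: which of the packages used in the tests above can PUBLIC execute?
-- The OWNER column tells you where the toolkit is installed on this system.
SELECT owner, table_name AS package_name, grantor, privilege
FROM   dba_tab_privs
WHERE  grantee    = 'PUBLIC'
AND    privilege  = 'EXECUTE'
AND    table_name IN ('DBMS_UTILITY', 'OWA_UTIL')
ORDER  BY owner, table_name;

-- Step 2: which application objects call these packages?
-- They may rely on the PUBLIC grant and need a direct grant after the revoke.
SELECT owner, name, type, referenced_owner, referenced_name
FROM   dba_dependencies
WHERE  referenced_name IN ('DBMS_UTILITY', 'OWA_UTIL')
AND    referenced_type = 'PACKAGE'
AND    owner NOT IN ('SYS', 'SYSTEM')
ORDER  BY owner, name;

-- Step 3: revoke the PUBLIC grants.
-- Assumption: the packages are owned by SYS; replace with the owner from step 1.
REVOKE EXECUTE ON sys.dbms_utility FROM PUBLIC;
REVOKE EXECUTE ON sys.owa_util     FROM PUBLIC;

-- Step 4: grant back only to the schemas found in step 2.
-- APP_OWNER is a hypothetical schema name, and must not be the account
-- the web gateway connects as, or the requests above will work again.
GRANT EXECUTE ON sys.owa_util TO app_owner;

-- Step 5: list objects invalidated by the revoke so they can be reviewed
-- and recompiled.
SELECT owner, object_name, object_type
FROM   dba_objects
WHERE  status = 'INVALID'
ORDER  BY owner, object_name;

-- Step 6: repeat step 1. It should return no rows, and the three test
-- requests above should no longer give a result.
```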