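UTL_FILE: This package lets users read and write any file and directory that the operating-system account owning Oracle can access. It is extremely dangerous, especially on Windows.
UTL_TCP: This package lets a malicious user use the database on this system as a launch point for attacks on other systems, or transfer data to unauthorized users.
For example, for a database session to create a file stored by the server's operating system, the session must have privileges on the UTL_FILE package, the UTL_FILE_DIR parameter must be set, and the oracle user must have write permission on that directory.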
SQL> select 'revoke execute on '||table_name||' from public;' from dba_tab_privs where table_name like 'UTL_%';
revoke execute on UTL_ALL_IND_COMPS from public;
revoke execute on UTL_URL from public;
revoke execute on UTL_TCP from public;
revoke execute on UTL_SMTP from public;
revoke execute on UTL_REF from public;
revoke execute on UTL_RAW from public;
revoke execute on UTL_NLA_ARRAY_INT from public;
revoke execute on UTL_NLA_ARRAY_FLT from public;
revoke execute on UTL_NLA_ARRAY_DBL from public;
revoke execute on UTL_NLA from public;
revoke execute on UTL_MATCH from public;
revoke execute on UTL_LMS from public;
revoke execute on UTL_INADDR from public;
revoke execute on UTL_IDENT from public;
revoke execute on UTL_I18N from public;
revoke execute on UTL_HTTP from public;
revoke execute on UTL_GDK from public;
revoke execute on UTL_FILE from public;
revoke execute on UTL_ENCODE from public;
revoke execute on UTL_COMPRESS from public;
revoke execute on UTL_COLL from public;
revoke execute on UTL_CHARACTEROUTPUTSTREAM from public;
revoke execute on UTL_CHARACTERINPUTSTREAM from public;
revoke execute on UTL_BINARYOUTPUTSTREAM from public;
revoke execute on UTL_BINARYINPUTSTREAM from public;
revoke execute on UTL_SMTP from public;
revoke execute on UTL_HTTP from public;
revoke execute on UTL_FILE from public;
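The query above lists every grantee in dba_tab_privs, not only PUBLIC, and revoking can invalidate code that relies on these packages. The following pre-revoke audit is an added example, not part of the original post; it goes slightly beyond the post by checking dependencies first, and the account name app_owner is a hypothetical placeholder.

```sql
-- Added example (not from the original post). Run as a DBA account in SQL*Plus.

-- 1. Is UTL_FILE_DIR set? No row or a NULL value means no directory is exposed
--    through this parameter.
SELECT name, value
FROM   v$parameter
WHERE  name = 'utl_file_dir';

-- 2. Which of the file/network packages named on this page can PUBLIC execute?
SELECT owner, table_name, grantor
FROM   dba_tab_privs
WHERE  grantee    = 'PUBLIC'
AND    privilege  = 'EXECUTE'
AND    table_name IN ('UTL_FILE', 'UTL_TCP', 'UTL_SMTP', 'UTL_HTTP')
ORDER  BY table_name;

-- 3. Which stored objects outside SYS reference those packages?
--    These may become invalid once PUBLIC loses EXECUTE, so review them first.
SELECT d.owner, d.name, d.type, d.referenced_name
FROM   dba_dependencies d
WHERE  d.referenced_name IN ('UTL_FILE', 'UTL_TCP', 'UTL_SMTP', 'UTL_HTTP')
AND    d.owner NOT IN ('SYS', 'PUBLIC')
ORDER  BY d.referenced_name, d.owner, d.name;

-- 4. Generate REVOKE statements only for EXECUTE grants actually held by PUBLIC.
--    ESCAPE makes the underscore literal; in LIKE a bare "_" matches any character.
SELECT 'revoke execute on ' || owner || '.' || table_name || ' from public;' AS stmt
FROM   dba_tab_privs
WHERE  grantee    = 'PUBLIC'
AND    privilege  = 'EXECUTE'
AND    table_name LIKE 'UTL\_%' ESCAPE '\'
ORDER  BY table_name;

-- 5. After revoking, grant back only to the accounts found in step 3 that
--    genuinely need the package (app_owner is a hypothetical schema name).
GRANT EXECUTE ON sys.utl_file TO app_owner;

-- 6. Recheck for objects invalidated by the change.
SELECT owner, object_name, object_type
FROM   dba_objects
WHERE  status = 'INVALID'
ORDER  BY owner, object_name;
```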
From "ITPUB Blog", link: http://blog.itpub.net/20399666/viewspace-703282/. If you repost this, please credit the source; otherwise legal liability will be pursued.