Introduction to Oracle Security

Database security and least privilege principles

One, public permissions

The public role is implicitly granted to each user. As long as any permissions are granted to public, the appropriate permissions are actually granted to everyone who can connect to the database, and each account created has access to those permissions. By default, public users have a large number of permissions.

Gyj@ocm> Select COUNT (*) from Dba_tab_privs where grantee= ' public ';

COUNT (*)

----------

28164

Gyj@ocm> Select table_name from DBA_TAB_PRIVS where grantee= ' public ' and privilege= ' EXECUTE ' and ' table_name like ' utl% ' ;

table_name

------------------------------

Utl_raw

Utl_ident

Utl_tcp

Utl_http

Utl_file

Utl_inaddr

Utl_smtp

Utl_url

Utl_encode

Utl_gdk

Utl_compress

utl_i18n

Utl_lms

Utl_nla_array_dbl

Utl_nla_array_flt

Utl_nla_array_int

Utl_nla

Utl_ref

Utl_coll

Utl_match

Utl_binaryinputstream

Utl_binaryoutputstream

Utl_characterinputstream

Utl_characteroutputstream

Selected rows.

Although the application software can grant the public user permission to execute the UTL package, we should remove this permission from the public user. You can cancel this permission by doing the following:

Gyj@ocm> Conn/as SYSDBA

Connected.

Sys@ocm> revoke execute on utl_file from public;

Revoke succeeded.

Utl_file: This package allows users to read and write the operating system, any files and directories that are accessible to the Oracle owner, including all database files and Oracle_home directories.