Home > Developer > PHP

Some tips for oracle _ Oracle Application _ script house

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
Oracle tips skills

Oracle tips skills

Recently, many people in the group have discussed oracle Security Issues. Today I have found some materials to learn more.

Obtain the attributes of the current Oracle SESSION (useful for determining the SQL Injection environment)

The SYS_CONTEXT function returns the attribute values related to the context namespace. This function can be used in SQL and PL/SQL statements.
Note: SYS_CONTEXT returns attributes during user sessions. Therefore, you cannot use SYS_CONTEXT in parallel queries or real-time application cluster environments.

For namespaces and variables, you can define them as constant strings or variables to replace namespaces or attribute strings. The namespace must have been defined in the database and the relevant parameters and values have been specified in DBMS_SESSION. The namespace must be a valid SQL identifier. The variable name can be any string. They are case-insensitive, but cannot exceed 30 bytes.

The data type returned by the function is VARCHAR2, and the maximum regression value is 256 bytes by default. You can also modify the default length value by setting the length of the function parameter. The valid length range of the value is 1 to 4000 bytes. (If the value you specified is not in this range, Oracle uses the default length .)

Oracle9i provides a built-in "USERENV" namespace to indicate the current session information. The predefined parameters of this namespace are shown in table 1. The last column of the table identifies the length of the returned value.

Syntax:
SYS_CONTEXT (namespace, attribute [, length])

Example:
Select SYS_CONTEXT ('userenv', 'terminal') TERMINAL,
SYS_CONTEXT ('userenv', 'language') LANGUAGE,
SYS_CONTEXT ('userenv', 'sessionid') SESSIONID,
SYS_CONTEXT ('userenv', 'instance') INSTANCE,
SYS_CONTEXT ('userenv', 'entryid') ENTRYID,
SYS_CONTEXT ('userenv', 'isdba ') ISDBA,
SYS_CONTEXT ('userenv', 'nls _ TERRITORY ') NLS_TERRITORY,
SYS_CONTEXT ('userenv', 'nls _ CURRENCY ') NLS_CURRENCY,
SYS_CONTEXT ('userenv', 'nls _ CALENDAR ') NLS_CALENDAR,
SYS_CONTEXT ('userenv', 'nls _ DATE_FORMAT ') NLS_DATE_FORMAT,
SYS_CONTEXT ('userenv', 'nls _ DATE_LANGUAGE ') NLS_DATE_LANGUAGE,
SYS_CONTEXT ('userenv', 'nls _ SORT ') NLS_SORT,
SYS_CONTEXT ('userenv', 'current _ user') CURRENT_USER,
SYS_CONTEXT ('userenv', 'current _ userid') CURRENT_USERID,
SYS_CONTEXT ('userenv', 'session _ user') SESSION_USER,
SYS_CONTEXT ('userenv', 'session _ userid') SESSION_USERID,
SYS_CONTEXT ('userenv', 'proxy _ user') PROXY_USER,
SYS_CONTEXT ('userenv', 'proxy _ userid') PROXY_USERID,
SYS_CONTEXT ('userenv', 'db _ DOMAIN ') DB_DOMAIN,
SYS_CONTEXT ('userenv', 'db _ name') DB_NAME,
SYS_CONTEXT ('userenv', 'host') HOST,
SYS_CONTEXT ('userenv', 'OS _ user') OS _USER,
SYS_CONTEXT ('userenv', 'external _ name') EXTERNAL_NAME,
SYS_CONTEXT ('userenv', 'IP _ address') IP_ADDRESS,
SYS_CONTEXT ('userenv', 'network _ Protocol') NETWORK_PROTOCOL,
SYS_CONTEXT ('userenv', 'bg _ JOB_ID ') BG_JOB_ID,
SYS_CONTEXT ('userenv', 'fg _ JOB_ID ') FG_JOB_ID,
SYS_CONTEXT ('userenv', 'authentication _ type') AUTHENTICATION_TYPE,
SYS_CONTEXT ('userenv', 'authentication _ data') AUTHENTICATION_DATA
From dual;

The following statement returns the Login User name:

Connect oe/OE
Select SYS_CONTEXT ('userenv', 'session _ user ')
From dual;
SYS_CONTEXT ('userenv', 'session _ user ')




Found online
[Code] AUTHENTICATION_DATA
Data being used to authenticate the login user. For X.503 certificate authenticated sessions, this field returns the context of the certificate in HEX2 format.
256


Note: You can change the return value of the AUTHENTICATION_DATA attribute using the length parameter of the syntax. values of up to 4000 are accepted. this is the only attribute of USERENV for which Oracle implements such a change.


AUTHENTICATION_TYPE
How the user was authenticated:

DATABASE: username/password authentication

OS: operating system external user authentication

NETWORK: network protocol or ANO authentication

PROXY: OCI proxy connection authentication

30

BG_JOB_ID
Job ID of the current session if it was established by an Oracle background process. Null if the session was not established by a background process.
30

CLIENT_INFO
Returns up to 64 bytes of user session information that can be stored by an application using the DBMS_APPLICATION_INFO package.
64

CURRENT_SCHEMA
Name of the default schema being used in the current schema. This value can be changed during the session with an alter session set CURRENT_SCHEMA statement.
30

CURRENT_SCHEMAID
Identifier of the default schema being used in the current session.
30

CURRENT_USER
The name of the user whose privilege the current session is under.
30

CURRENT_USERID
User ID of the user whose privilege the current session is under
30

DB_DOMAIN
Domain of the database as specified in the DB_DOMAIN initialization parameter.
256

DB_NAME
Name of the database as specified in the DB_NAME initialization parameter
30

ENTRYID
The available auditing entry identifier. You cannot use this option in distributed SQL statements. To use this keyword in USERENV, the initialization parameter AUDIT_TRAIL must be set to true.
30

EXTERNAL_NAME
External name of the database user. For SSL authenticated sessions using v.503 certificates, this field returns the distinguished name (DN) stored in the user certificate.
256

FG_JOB_ID
Job ID of the current session if it was established by a client foreground process. Null if the session was not established by a foreground process.
30

HOST
Name of the host machine from which the client has connected.
54

INSTANCE
The instance identification number of the current instance.
30

IP_ADDRESS
IP address of the machine from which the client is connected.
30

ISDBA
TRUE if you currently have the DBA role enabled and FALSE if you do not.
30

LANG
The ISO abbreviation for the language name, a shorter form than the existing 'language' parameter.
62

LANGUAGE
The language and territory currently used by your session, along with the database character set, in this form:

Language_territory.characterset
52

NETWORK_PROTOCOL
Network protocol being used for communication, as specified in the 'Protocol = Protocol' portion of the connect string.
256

NLS_CALENDAR
The current calendar of the current session.
62

NLS_CURRENCY
The currency of the current session.
62

NLS_DATE_FORMAT
The date format for the session.
62

NLS_DATE_LANGUAGE
The language used for expressing dates.
62

NLS_SORT
BINARY or the linguistic sort basis.
62

NLS_TERRITORY
The territory of the current session.
62

OS _USER
Operating system username of the client process that initiated the database session
30

PROXY_USER
Name of the database user who opened the current session on behalf of SESSION_USER.
30

PROXY_USERID
Identifier of the database user who opened the current session on behalf of SESSION_USER.
30

SESSION_USER
Database user name by which the current user is authenticated. This value remains the same throughout the duration of the session.
30

SESSION_USERID
Identifier of the database user name by which the current user is authenticated.
30

SESSIONID
The auditing session identifier. You cannot use this option in distributed SQL statements.
30

TERMINAL
The operating system identifier for the client of the current session. in distributed SQL statements, this option returns the identifier for your local session. in a distributed environment, this is supported only for remote select statements, not for remote insert, update, or delete operations. (The return length of this parameter may vary by operating system .)

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
oracle sql tuning tips oracle performance tuning tips script oracle performance tuning in oracle 11g tips oracle java application server oracle application developer oracle application server

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More