Recently, a lot of people in the group discussed Oracle security issues, and today I found some information to learn
Gets some of the properties of the Oracle current session (useful for SQL injection environmental judgments)
The Sys_context function returns the property value associated with the context namespace. This function can be used in SQL and PL/SQL statements.
Note: Sys_context returns properties for the duration of the user session, so you cannot use it in parallel queries or in real-time application of the cluster environment.
For namespaces and variables, you can define them as constant strings, or you can define a variable to replace a namespace or a string of attributes. The namespace must have been defined in the database and the associated parameters and values have been assigned to Dbms_session. The namespace must be a valid SQL identifier. The variable name can be any string. They are case-insensitive, but cannot exceed 30 bytes in length.
The data type returned by the function is VARCHAR2, and the default maximum length of the regression value is 256 bytes. You can also modify the default length value by setting the function parameter length. The valid length range for a value is 1 to 4000 bytes. (If you specify a value that is not in this range, Oracle will use the lack of governor degree.) )
Oracle9i provides a built-in "USERENV" namespace to represent the current session information. The predefined parameters of the namespace are table 1, and the last column of the table identifies the length of the return value.
I found it on the Internet.
[Code] Authentication_data
Data being used to authenticate the login user. For x.503 certificate authenticated sessions, this field returns the "context of" the certificate in HEX2 format.
256
Note:you can change the return value of the authentication_data using the length parameter of the syntax. Values of up to 4000 are accepted. This is the attribute of USERENV to which Oracle implements such a change.
Authentication_type
How the user was authenticated:
Database:username/password Authentication
os:operating System External user authentication
Network:network protocol or ANO authentication
PROXY:OCI Proxy Connection authentication
30
bg_job_id
Job ID of the current session if it is established by an Oracle background process. Null if the session is not established by a background process.
30
Client_info
Returns up to bytes of user sessions information that can is stored by a application using the Dbms_application_info PA Ckage.
64
Current_schema
Name of the default schema being used in the current schema. This value can is changed during the session with a alter session SET CURRENT_SCHEMA statement.
30
Current_schemaid
Identifier of the default schema being used in the current session.
30
Current_User
The name of the user whose privilege is under.
30
Current_userid
User ID of the user whose privilege the current session is under
30
Db_domain
Domain of the database as specified in the Db_domain initialization parameter.
256
Db_name
Name of the database as specified in the db_name initialization parameter
30
ENTRYID
The available auditing entry identifier. You are cannot use this option in distributed SQL statements. To the keyword in USERENV, the initialization parameter Audit_trail must is set to true.
30
External_name
External name of the database user. For SSL authenticated sessions a using v.503 certificates, this field returns the distinguished name (DN) stored in the user Certificate.
256
fg_job_id
Job ID of the current session if it is established by a client foreground process. Null if the session is not established by a foreground process.
30
HOST
The Name of the host machine from which the client has connected.
54
INSTANCE
The instance identification number of the current instance.
30
IP_Address
IP address to the machine from which, the client is connected.
30
Isdba
TRUE If you are currently have the DBA role enabled and FALSE.
30
Lang
The ISO abbreviation for the language name, a shorter form than the existing ' language ' parameter.
62
LANGUAGE
The language and territory currently used by your sessions, along with the database character set, in this form:
Language_territory.characterset
52
Network_protocol
Network protocol being used for communication, as specified in the ' protocol=protocol ' portion of the ' connect string.
256
Nls_calendar
The current calendar is session.
62
Nls_currency
The currency of the current session.
62
Nls_date_format
The date format for the session.
62
Nls_date_language
The language used for expressing dates.
62
Nls_sort
BINARY or the linguistic sort basis.
62
Nls_territory
The territory of the current session.
62
Os_user
Operating system username of the client process that initiated the database session
30
Proxy_user
Name of the database user who opened the "current sessions on" behalf of Session_user.
30
Proxy_userid
Identifier of the database user who opened the "current session" on behalf of Session_user.
30
Session_user
The Database user name by which the "Current user" is authenticated. This value remains the duration of the same throughout.
30
Session_userid
Identifier of the database user name by which the "Current user" is authenticated.
30
SESSIONID
The auditing session identifier. You are cannot use this option in distributed SQL statements.
30
TERMINAL
The operating system identifier for the "client" session. In distributed SQL statements, this option returns the identifier for your local session. In a distributed environment, this is supported only for remote SELECT statements, not for remote insert, UPDATE, or delet E operations. (The return length of this parameter could vary by operating system.)
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.