Some tips for Oracle applications

Source: Internet
Author: User
Tags: character set, sessions, SQL injection
Recently, a lot of people in the group discussed Oracle security issues, and today I found some information to learn from.

Getting properties of the current Oracle session (useful for judging the environment in SQL injection scenarios)

The SYS_CONTEXT function returns the value of an attribute associated with a context namespace. It can be used in both SQL and PL/SQL statements.
Note: SYS_CONTEXT returns session attributes, so you cannot use it in parallel queries or in a Real Application Clusters environment.

The namespace and attribute can each be given as a constant string or as an expression that resolves to the namespace or attribute name. The namespace must already be defined in the database, and the associated attribute and its value must have been set through DBMS_SESSION. The namespace must be a valid SQL identifier. The attribute name can be any string. Both are case-insensitive and cannot exceed 30 bytes in length.

The function returns a VARCHAR2, and the default maximum length of the return value is 256 bytes. You can override the default by passing the optional length parameter. The valid range is 1 to 4000 bytes. (If you specify a value outside this range, Oracle uses the default length.)

Oracle9i provides a built-in "USERENV" namespace that describes the current session. The predefined attributes of this namespace are listed in Table 1; the last column of the table gives the length of the return value.

Syntax:
SYS_CONTEXT(namespace, attribute[, length])

Example:
SELECT SYS_CONTEXT('USERENV', 'TERMINAL') terminal,
SYS_CONTEXT('USERENV', 'LANGUAGE') language,
SYS_CONTEXT('USERENV', 'SESSIONID') sessionid,
SYS_CONTEXT('USERENV', 'INSTANCE') instance,
SYS_CONTEXT('USERENV', 'ENTRYID') entryid,
SYS_CONTEXT('USERENV', 'ISDBA') isdba,
SYS_CONTEXT('USERENV', 'NLS_TERRITORY') nls_territory,
SYS_CONTEXT('USERENV', 'NLS_CURRENCY') nls_currency,
SYS_CONTEXT('USERENV', 'NLS_CALENDAR') nls_calendar,
SYS_CONTEXT('USERENV', 'NLS_DATE_FORMAT') nls_date_format,
SYS_CONTEXT('USERENV', 'NLS_DATE_LANGUAGE') nls_date_language,
SYS_CONTEXT('USERENV', 'NLS_SORT') nls_sort,
SYS_CONTEXT('USERENV', 'CURRENT_USER') current_user,
SYS_CONTEXT('USERENV', 'CURRENT_USERID') current_userid,
SYS_CONTEXT('USERENV', 'SESSION_USER') session_user,
SYS_CONTEXT('USERENV', 'SESSION_USERID') session_userid,
SYS_CONTEXT('USERENV', 'PROXY_USER') proxy_user,
SYS_CONTEXT('USERENV', 'PROXY_USERID') proxy_userid,
SYS_CONTEXT('USERENV', 'DB_DOMAIN') db_domain,
SYS_CONTEXT('USERENV', 'DB_NAME') db_name,
SYS_CONTEXT('USERENV', 'HOST') host,
SYS_CONTEXT('USERENV', 'OS_USER') os_user,
SYS_CONTEXT('USERENV', 'EXTERNAL_NAME') external_name,
SYS_CONTEXT('USERENV', 'IP_ADDRESS') ip_address,
SYS_CONTEXT('USERENV', 'NETWORK_PROTOCOL') network_protocol,
SYS_CONTEXT('USERENV', 'BG_JOB_ID') bg_job_id,
SYS_CONTEXT('USERENV', 'FG_JOB_ID') fg_job_id,
SYS_CONTEXT('USERENV', 'AUTHENTICATION_TYPE') authentication_type,
SYS_CONTEXT('USERENV', 'AUTHENTICATION_DATA') authentication_data
FROM DUAL;

The following statement returns the name of the logged-on user:

CONNECT oe/oe
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER')
FROM DUAL;

SYS_CONTEXT('USERENV','SESSION_USER')




I found it on the Internet.
Table 1: Predefined attributes of the USERENV namespace (attribute, description, return length in bytes)

AUTHENTICATION_DATA
Data being used to authenticate the login user. For X.503 certificate authenticated sessions, this field returns the context of the certificate in HEX2 format.
Return length: 256

Note: You can change the return value of the AUTHENTICATION_DATA attribute using the length parameter of the syntax. Values of up to 4000 are accepted. This is the one attribute of USERENV for which Oracle implements such a change.

AUTHENTICATION_TYPE
How the user was authenticated:
DATABASE: username/password authentication
OS: operating system external user authentication
NETWORK: network protocol or ANO authentication
PROXY: OCI proxy connection authentication
Return length: 30

BG_JOB_ID
Job ID of the current session if it was established by an Oracle background process. Null if the session was not established by a background process.
Return length: 30

CLIENT_INFO
Returns up to 64 bytes of user session information that can be stored by an application using the DBMS_APPLICATION_INFO package.
Return length: 64

CURRENT_SCHEMA
Name of the default schema being used in the current schema. This value can be changed during the session with an ALTER SESSION SET CURRENT_SCHEMA statement.
Return length: 30

CURRENT_SCHEMAID
Identifier of the default schema being used in the current session.
Return length: 30

CURRENT_USER
The name of the user whose privilege the current session is under.
Return length: 30

CURRENT_USERID
User ID of the user whose privilege the current session is under.
Return length: 30

DB_DOMAIN
Domain of the database as specified in the DB_DOMAIN initialization parameter.
Return length: 256

DB_NAME
Name of the database as specified in the DB_NAME initialization parameter.
Return length: 30

ENTRYID
The available auditing entry identifier. You cannot use this option in distributed SQL statements. To use this keyword in USERENV, the initialization parameter AUDIT_TRAIL must be set to true.
Return length: 30

EXTERNAL_NAME
External name of the database user. For SSL authenticated sessions using X.503 certificates, this field returns the distinguished name (DN) stored in the user certificate.
Return length: 256

FG_JOB_ID
Job ID of the current session if it was established by a client foreground process. Null if the session was not established by a foreground process.
Return length: 30

HOST
Name of the host machine from which the client has connected.
Return length: 54

INSTANCE
The instance identification number of the current instance.
Return length: 30

IP_ADDRESS
IP address of the machine from which the client is connected.
Return length: 30

ISDBA
TRUE if you currently have the DBA role enabled and FALSE if you do not.
Return length: 30

LANG
The ISO abbreviation for the language name, a shorter form than the existing 'LANGUAGE' parameter.
Return length: 62

LANGUAGE
The language and territory currently used by your session, along with the database character set, in this form:
language_territory.characterset
Return length: 52

NETWORK_PROTOCOL
Network protocol being used for communication, as specified in the 'PROTOCOL=protocol' portion of the connect string.
Return length: 256

NLS_CALENDAR
The current calendar of the current session.
Return length: 62

NLS_CURRENCY
The currency of the current session.
Return length: 62

NLS_DATE_FORMAT
The date format for the session.
Return length: 62

NLS_DATE_LANGUAGE
The language used for expressing dates.
Return length: 62

NLS_SORT
BINARY or the linguistic sort basis.
Return length: 62

NLS_TERRITORY
The territory of the current session.
Return length: 62

OS_USER
Operating system username of the client process that initiated the database session.
Return length: 30

PROXY_USER
Name of the database user who opened the current session on behalf of SESSION_USER.
Return length: 30

PROXY_USERID
Identifier of the database user who opened the current session on behalf of SESSION_USER.
Return length: 30

SESSION_USER
The database user name by which the current user is authenticated. This value remains the same throughout the duration of the session.
Return length: 30

SESSION_USERID
Identifier of the database user name by which the current user is authenticated.
Return length: 30

SESSIONID
The auditing session identifier. You cannot use this option in distributed SQL statements.
Return length: 30

TERMINAL
The operating system identifier for the client session. In distributed SQL statements, this option returns the identifier for your local session. In a distributed environment, this is supported only for remote SELECT statements, not for remote INSERT, UPDATE, or DELETE operations. (The return length of this parameter may vary by operating system.)
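
Because these USERENV attributes are useful for judging the environment behind a SQL injection point, a SYS_CONTEXT('USERENV', ...) call appearing in web request data is worth flagging. The following is an added example, not code from the original page: it scans access-log lines for such calls and reports which attributes were referenced. The log format, the sample lines and the choice of "sensitive" attributes are assumptions made for illustration; the attribute names come from Table 1.

```python
import re
from urllib.parse import unquote_plus

# Assumption: attributes from Table 1 that reveal account, privilege or host details.
SENSITIVE = {"SESSION_USER", "CURRENT_USER", "CURRENT_SCHEMA", "ISDBA",
             "DB_NAME", "DB_DOMAIN", "HOST", "IP_ADDRESS", "OS_USER",
             "AUTHENTICATION_TYPE", "AUTHENTICATION_DATA"}

# SYS_CONTEXT('USERENV', 'ATTR'[, length]); tolerant of spacing and letter case.
CALL = re.compile(r"sys_context\s*\(\s*'\s*userenv\s*'\s*,\s*'\s*(\w+)\s*'", re.I)
COMMENT = re.compile(r"/\*.*?\*/", re.S)  # SQL block comments count as whitespace


def normalise(raw):
    """URL-decode up to three times (covers double encoding), then drop comments."""
    text = raw
    for _ in range(3):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return COMMENT.sub(" ", text)


def userenv_probes(log_line):
    """Return the USERENV attributes referenced in one log line, upper-cased."""
    return [name.upper() for name in CALL.findall(normalise(log_line))]


def triage(log_lines):
    """Yield (line_number, attributes, severity) for lines that reference USERENV."""
    for number, line in enumerate(log_lines, start=1):
        attrs = userenv_probes(line)
        if attrs:
            severity = "high" if SENSITIVE.intersection(attrs) else "medium"
            yield number, attrs, severity


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - "GET /items?id=42 HTTP/1.1" 200',
    '10.0.0.9 - - "GET /items?id=42%20AND%20sys_context(%27USERENV%27,%27ISDBA%27)=%27TRUE%27 HTTP/1.1" 200',
    '10.0.0.9 - - "GET /items?id=1+union+select+SYS_CONTEXT+(\'userenv\',+\'nls_sort\')+from+dual HTTP/1.1" 500',
    '10.0.0.9 - - "GET /items?q=%2527%257C%257Csys_context(%2527userenv%2527%252C%2527db_name%2527) HTTP/1.1" 200',
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```

A hit only shows that the function name reached the application; whether the statement actually executed has to be confirmed from database-side auditing.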
