Oracle 11g下UTL_TCP包居然用不通了调研
Jun 07, 2016 pm 05:02 PM今天切换到Oracle11g下后,接着使用UTL_TCP与服务程序进行数据交互时,居然报出个ACL访问控制的问题,幸亏以前还有过些网络的基础
今天切换到Oracle11g下后,接着使用UTL_TCP与服务程序进行数据交互时,居然报出个ACL访问控制的问题,幸亏以前还有过些网络的基础,还知道ACL是个什么东西,,
而在Oracle11g下为了加强网络访问的安全性,对ACL进行了一个软的实现。下面就如何突破ACL这一层,进行了Oracle有关DBMS_NETWORK_ACL_ADMIN进行调研,下面是一些总结:
--ACL使用调研
关于让DBCoffer有关执行权限参考如下:
--用来获取主机IP或主机名
BEGIN
DBMS_NETWORK_ACL_ADMIN.create_acl (
acl => 'coffer_acl_file.xml',
description => 'A test of the ACL functionality',
--参数为:一个用户或者是一个角色
principal => 'COFFER',
is_grant => TRUE,
privilege => 'resolve'
--start_date => SYSTIMESTAMP,
--end_date => NULL
);
COMMIT;
END;
/
--让用户能够访问外网的相关端口与IP
BEGIN
DBMS_NETWORK_ACL_ADMIN.add_privilege (
acl => 'coffer_acl_file.xml',
--参数为:一个用户或者是一个角色
principal => 'COFFER',
is_grant => TRUE,
privilege => 'connect'
--position => NULL,
--start_date => NULL,
--end_date => NULL
);
COMMIT;
END;
/
--对这个访问控制列表指定一条规则
BEGIN
DBMS_NETWORK_ACL_ADMIN.assign_acl (
acl => 'coffer_acl_file.xml',
host => '*');
COMMIT;
END;
/
--当升级一个DBCoffer用户时需要执行
BEGIN
DBMS_NETWORK_ACL_ADMIN.add_privilege (
acl => 'coffer_acl_file.xml',
--参数为:一个用户或者是一个角色
principal => 'TEST',
is_grant => TRUE,
privilege => 'resolve'
--position => NULL,
--start_date => NULL,
--end_date => NULL
);
COMMIT;
END;
/
BEGIN
DBMS_NETWORK_ACL_ADMIN.add_privilege (
acl => 'coffer_acl_file.xml',
--参数为:一个用户或者是一个角色
principal => 'TEST',
is_grant => TRUE,
privilege => 'connect'
--position => NULL,
--start_date => NULL,
--end_date => NULL
);
COMMIT;
END;
/
--当撤销一个DBCoffer用户时,需要执行
BEGIN
DBMS_NETWORK_ACL_ADMIN.delete_privilege (
acl => 'coffer_acl_file.xml',
--参数为:一个用户或者是一个角色
principal => 'TEST',
is_grant => TRUE,
privilege => 'resolve');
COMMIT;
END;
/
BEGIN
DBMS_NETWORK_ACL_ADMIN.delete_privilege (
acl => 'coffer_acl_file.xml',
--参数为:一个用户或者是一个角色
principal => 'TEST',
is_grant => TRUE,
privilege => 'connect');
COMMIT;
END;
--删除一个访问控制列表
BEGIN
DBMS_NETWORK_ACL_ADMIN.drop_acl (
acl => 'coffer_acl_file.xml');
COMMIT;
END;
/

Hot Article

Hot tools Tags

Hot Article

Hot Article Tags

Notepad++7.3.1
Easy-to-use and free code editor

SublimeText3 Chinese version
Chinese version, very easy to use

Zend Studio 13.0.1
Powerful PHP integrated development environment

Dreamweaver CS6
Visual web development tools

SublimeText3 Mac version
God-level code editing software (SublimeText3)

Hot Topics

Reduce the use of MySQL memory in Docker

How do you alter a table in MySQL using the ALTER TABLE statement?

How to solve the problem of mysql cannot open shared library

What is SQLite? Comprehensive overview

Run MySQl in Linux (with/without podman container with phpmyadmin)

Running multiple MySQL versions on MacOS: A step-by-step guide

How do I secure MySQL against common vulnerabilities (SQL injection, brute-force attacks)?

How do I configure SSL/TLS encryption for MySQL connections?
