REVOKE EXECUTE ON UTL_HTTP FROM public in apps database

Similar Messages

• Revoke execute on packages from Public

  Dear all.
  I've got a doubt. I did the Oracle recommendations and on my Primary Database I revoke execute priviledge on the packges UTL_FILE, UTL_TCP, UTL_SMTP and UTL_HTTP using the command revoke execute on <package> from public.
  I tryed to do the same on my Physical Standby Database but it wasn't possible. I got a message saying that the database isn't open. My question is: When I do the faiolver, will the physical standby database apply thoe changes I had made on the Primary?
  Thanks a lot.

  It will be applied to the standby by archive log recovery.
  When I ran these "recommended" revokes I ended up with a broken database due to invalid objects, so make sure you compile invalid objects before and after the revoke, and compare counts to see if they have increased.

• How to execute sql scripts from Powershell across multiple databases

  Re: How to execute sql scripts from Powershell across multiple databases
  I have an tsql script that I want to run across a list of databases. How is the best way to do this in Powershell? Thanks.

  My example below, using just the SMO and not breaking up the batches, the ExecuteWithResults give the following error when the .sql file contains a GO. My script files are as simple as a DECLARE and then a GO.
  WARNING: SQL Script Failed
  The object of type "Microsoft.PowerShell.Commands.Internal.Format.FormatStartData" is not valid or not in the correct sequence. This is likely caused by a user-specified "format-list" comm
  and which is conflicting with the default formatting.
      + CategoryInfo          : InvalidData: (:) [out-lineoutput], InvalidOperationException
      + FullyQualifiedErrorId : ConsoleLineOutputOutOfSequencePacket,Microsoft.PowerShell.Commands.OutLineOutputCommand
  Also, when executing from the ISE, is there a way to force the ISE to release the files. I am having to close the ISE and reopen my script every time I want to make a testing change to the .sql file.
  [reflection.assembly]::LoadWithPartialName("Microsoft.SqlServer.Smo")
  $scriptspath = "C:\temp\psExecuteSQLScripts\scripts"
  $SQLServer = "fidevc10"
  $SQLDB = "Bank03"
  # Create SMO Server Object
  $Server = New-Object ('Microsoft.SQLServer.Management.Smo.Server') $SQLServer
  # Get SMO DB Object
  $db = $Server.Databases[$SQLDB]
  # Load All SQL Scripts in Directory
  $scripts = Get-ChildItem -Path (Join-Path $scriptspath "*") -Include "*.sql" -Recurse
  # Loop through each script and execute
  foreach ($SQLScript in $scripts)
  $fullpath = $SQLScript.FullName
  # Read the Script File into Powershell Memory
  $reader = New-Object System.IO.StreamReader($fullpath)
  $script = $reader.ReadToEnd()
  # Execute SQL
  Write-Host "Executing $SQLScript on $SQLDB...."
  try
  $ds = $db.ExecuteWithResults($script)
  Foreach ($t in $ds.Tables)
  Foreach ($r in $t.Rows)
  Foreach ($c in $t.Columns)
  Write-Host $c.ColumnName "=" $r.Item($c)
  Write-Host "Complete"
  catch [Exception]
  Write-Warning "SQL Script Failed"
  echo $_.Exception|format-list -force
  Write-Host " " -BackgroundColor DarkCyan

• Executing class files from a Java App dynamically

  Hi!, Is there any way i can execute java .class files from my Java Application dynamically. I know that java uses Dynamic method Invocation. Is that true of class files generated using some other language compiled for the JVM.
  In my case i would like to make a Web browser that interprets HTML and also java applets embeded in them. I would like to use the JRE of the platform execute the applets for me rather than writing the code for my Browser to interpret the class files.
  Thanks in Advance.

  You just need a custom class loader to bring these applets into your JVM.
  http://developer.java.sun.com/developer/onlineTraining/Security/Fundamentals/magercises/URLClassLoader/index.html
  Then you can use the methods of java.lang.Class to create an instance of such a class. As soon as you have it, you can just treat it as a regular Applet and invoke init(), stop() etc. appropriately.
  If you want to execute anything else than conventional Applets, you might consider reflection to find out about methods implemented:
  http://java.sun.com/docs/books/tutorial/reflect/index.html

• Revoke unnecessary privileges from public = enterpise manager problems

  Hi,
  After revoking the execute privilege on the following packages from public I have problems with enterprise manager (DB version 10.1.0.3.0) :
  UTL_SMTP
  UTL_TCP
  UTL_HTTP
  UTL_FILE
  DBMS_OBFUSCATION_TOOLKIT
  I have revoked the privileges via sqlplus:
  revoke execute on utl_smtp from public;
  If I login now on enterprise manager (user sys)
  the home tab on enterprise manager says "Status pending", the performance/administration and maintenance tabs work.
  Does anyone knows how to solve this?
  Thank You.

  I have had pretty good luck with the following - YMMV
  revoke execute on sys.utl_http from public;
  revoke execute on sys.utl_smtp from public;
  revoke execute on sys.utl_tcp from public;
  revoke execute on sys.dbms_random from public;
  revoke execute on sys.utl_file from public;
  revoke execute on sys.dbms_lob from public;
  revoke execute on dbms_job from public;
  grant execute on sys.utl_http to ORDPLUGINS;
  grant execute on sys.utl_file to xdb;

• Oracle recommends that you revoke EXECUTE privileges on powerful packages f

  Oracle recommends that you revoke EXECUTE privileges on powerful packages from PUBLIC
  Got on error on the home page of Enterprise Manager and read that I should run the code below to correct the problem, but when I click on the link at the bottom of EM to go to iSQL*Plus and choose to connect as sysdba I get a popup asking for me to input a password for my computer so I tried my local computer username and password, my network username and password and even my database username and password and neither lets me in. I can login under Normal but then I do not have rights to execute the command.
  revoke execute on utl_file from public;
  I know I have my computer username and password correct because I had to enter it to shutdown the database yesterday.
  And I had a problem with my listener not knowing the SID, but the error has since went away, but I do have an error on my listener saying
  Disk Utilization for 0 C: is 151.45%
  Edited by: jamesH2 on Aug 29, 2008 9:20 AM

  Hi James,
  Where you saw that Oracle recommend that? If you are refering to the Db console recomendations please take a look on this note also: Note:343620.1
  If you revoke any privilege from PUBLIC it becomes your own responsibility
  to ascertain that all your applications will keep working. The same goal can often be accomplished
  by replacing the privileges formerly granted to PUBLIC to some individual users or
  roles.
  Please take a look on this Metalink Note: 247093.1 Be Cautious When Revoking Privileges Granted to PUBLIC
  Regards,
  Francisco Munoz Alvarez
  www.oraclenz.com
  Edited by: F. Munoz Alvarez on Aug 30, 2008 1:31 AM

• How can I revoke execution of dbms_job from users ?

  I tried "revoke execute on dbms_job from user_X ;"
  and got an error that I can not revoke permission I didn't grant .
  I don't want that anyone who wants to schedule a job every 10 seconds will be able to do that . I want to permit only users of dba role , to execute this (or other) package .
  Thanks ,
  Lior .

  dbms_job is used under the covers by several pieces of database functionality including AQ notification, AQ propagation, refreshing of materialized views etc .
  I did see a security note that recommended revoking execute on dbms_job from public, but you should be well aware of possible unintended consequences of this action i.e. don't do this on a production database without testing it on a non-production database first !
  I don't really see the security benefit of this. Anyone could write a shell script or use the Windows scheduler or cron to submit the same huge query every 2 minutes !
  The real solution here is performance monitoring, auditing and accountability.
  -Ravi

• Revoke execute on proceudure inside itself

  Oops. This hung. Guess I need to create a separate function to revoke execute on dropuserrole ... Or is there another way to do this inside one function?
  create or replace function dropuserrole
  (username_in in varchar2,
  role_in in varchar2)
  return number
  IS
  begin
  execute immediate 'revoke ' || role_in || ' from '|| username_in;
  if role_in = 'armadmin' then
  execute immediate 'revoke execute on adduser from ' || username_in;
  execute immediate 'revoke execute on adduserrole from ' || username_in;
  execute immediate 'revoke execute on dropuserrole from ' || username_in;
  end if;
  return 0;
  exception
  when others
  then
  dbms_output.put_line ('Error in routine ' || dbms_utility.format_error_stack);
  return 1;
  end;

  Thanks for your response. I'm testing this from SQLPlus. If I move the revoke into another function and run two functions it works. If I combine into one proceudre, it still 'hangs'.
  create or replace procedure testcombinedrop
       (username_in in varchar2,
       role_in in varchar2)
  IS
  status     number;
  begin
  status := dropuserrole(username_in, role_in);
  if role_in = 'armadmin' then
       execute immediate 'revoke execute on dropuserrole from ' || username_in;
  end if;
  DBMS_OUTPUT.PUT_LINE('status= ' || status);
  end;
  /

• After revoked UTL_FILE from PUBLIC, found problem...

  Hi All
  I created new role that is "UTL_PUBLIC" and granted below package to new role and grant new role to all users in database after that revoke below roles from PUBLIC.
  UTL_FILE
  UTL_TCP
  UTL_SMTP
  UTL_HTTP
  DBMS_LOB
  DBMS_SQL
  DBMS_JOB
  DBMS_SCHEDULER
  DBMS_XMLGEN
  But I got the problem when export data that show about package error. So I granted above package back to PUBLIC and export again that was work.
  My question is Can I grant above package to new role and grant to db user instead of PUBLIC role? If yes, How will I do ? If no, please explain the reason.
  Thank you,
  Hiko

  Oracle support confirmed about this already.
  I cannot grant privilege execute on those packages via roles that will have troubles with procedures and packages.
  Only one solution, I must grant to users directly.
  Thank you
  Hiko

• Revoking sys.utl_smpt  from PUBLIC

  Oracle 10.2. We have ASP application on the top.
  I granted sys.utl_smpt to ST schema/user
  Then I revoke sys.utl_smpt FROM PUBLIC. This caused 5 invalid objects: sys.utl_smtp, sys.utl_mail, sys.dbms_aqelm, st.mail_files, st.mail_pkg. After re-compiled, two ST objects are still not valid: mail_files, mail_pkg. The error message is UTL_SMTP must be declared.
  The line is Mail_files procedure causing this problem: conn utl_smpt.connection
  I granted sys.utl_smpt specificly to this user and this user's procedure is still having problem. What am I doing wrong?
  Thanks
  S.

  After re-compiled, two ST objects are still not valid: mail_files, mail_pkg. The error message is UTL_SMTP must be declared.
  I granted sys.utl_smpt specificly to this user and this user's procedure is still having problemWhat Grant did you execute ?
  What is the "problem" that you are still having ?
  Hemant K Chitale

• 10G OEM - Revoke privileges from PUBLIC

  How do I revoke execute on a procedure from PUBLIC using 10G OEM?
  I have spent quite a bit time wandering around the tool and can not figure out how to do it using the tool.
  Thanks in advance.
  Janet

  Hi
  Is he viewing the table all_objects/all_tables etc. If he views user_tables/user_objects he will see only the objects created by him.
  I doubt whether this will solve your problem.
  Thanks
  Malar

• How to execute Linux command from Java app.

  Hi all,
  Could anyone show me how to execute Linux command from Java app. For example, I have the need to execute the "ls" command from my Java app (which is running on the Linux machine), how should I write the codes?
  Thanks a lot,

  You can use "built-in" shell commands, you just need to invoke the shell and tell it to run the command. See the -c switch in the man page for your shell. But, "ls" isn't built-in anyays.
  If you use exec, you will want to set the directory with the dir argument to exec, or add it to the command or cmdarray. See the API for the variants of java.lang.Runtime.exec(). (If you're invoking it repeatedly, you can most likely modify a cmdarray more efficiently than having exec() decompose your command).
  You will also definitely want to save the returned Process and read the output from it (possibly stderr too and get an exit status). See API for java.lang.Process. Here's an example
  java.io.BufferedReader br =
  new java.io.BufferedReader(new java.io.InputStreamReader(
  Runtime.getRuntime().exec ("/sbin/ifconfig ppp0").
  getInputStream()));
  while ((s = br.readLine()) != null) {...                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

• Impact of revoking APEX_040000 view and privileges from public ?

  Forum...
  We are in an integration scenario where we do not want to have a user connecting through SQL see the apex product database objects to which apex has granted public access show up. ( As per the "Granted Priviliges" of the Apex documentation - specifically the views and tables for which public synonyms are created)
  Does anyone have an idea of what the impact of revoking these public privileges would be on apex users and applications ?
  Thanks
  Pierre

  Hi Pierre,
  I'm just curious - can you give a couple examples of objects for which you wish to revoke privileges from PUBLIC?
  Joel

• Execute binary from inside the app?

  Hello! I'm working on a Mac App that on the push of a button, will execute a binary file from inside the .app file. But I don't know where to place the binary so i can access it, and how to execute it.
  Thanks,
  Andrei

  Hello,
       We are able to use the Java Gui directly from the mac without any problems.
  We are recieving the following error from the Mac Console when we execute the Iview from with the portal.
  5/1/08 1:17:35 PM [0x0-0x5d05d].org.mozilla.firefox[656] ### MRJPlugin:  getPluginBundle() here. ###
  5/1/08 1:17:35 PM [0x0-0x5d05d].org.mozilla.firefox[656] ### MRJPlugin:  CFBundleGetBundleWithIdentifier() succeeded. ###
  5/1/08 1:17:35 PM [0x0-0x5d05d].org.mozilla.firefox[656] ### MRJPlugin:  CFURLGetFSRef() succeeded. ###
  5/1/08 1:17:35 PM [0x0-0x5d05d].org.mozilla.firefox[656] _NSJVMLoadLibrary: NSAddLibrary failed for /System/Library/Frameworks/JavaVM.framework/Versions/(null)/Libraries/libjvm.dylib
  5/1/08 1:17:35 PM [0x0-0x5d05d].org.mozilla.firefox[656] JavaVM FATAL: Failed to load the jvm library.
  Were the (null) is located in the error log above we presently have version 1.4.1, 1.4.2, 1.5.0, 1.6.0.   So it looks as if it isn't getting the version of java from the Transaction_configuration file that it should be pointed to.
  Any suggestions.

• Getting Error while Execute SSIS Package from Console Application

  Dear All,
  SSIS package working fine directly.
  I got following error while execute SSIS package from C# console application.
  The connection "{79D920D4-9229-46CA-9018-235B711F04D9}" is not found. This error is thrown by Connections collection when the specific connection element is not found.
  Cannot find the connection manager with ID "{79D920D4-9229-46CA-9018-235B711F04D9}" in the connection manager collection due to error code 0xC0010009. That connection manager is needed by "OLE DB Destination.Connections[OleDbConnection]"
  in the connection manager collection of "OLE DB Destination". Verify that a connection manager in the connection manager collection, Connections, has been created with that ID.
  OLE DB Destination failed validation and returned error code 0xC004800B.
  One or more component failed validation.
  There were errors during task validation.
  Code : 
     public static string RunDTSPackage()
              Package pkg;
              Application app;
              DTSExecResult pkgResults;
              Variables vars;
              app = new Application();
              pkg = app.LoadPackage(@"D:\WORK\Package.dtsx", null);
       Microsoft.SqlServer.Dts.Runtime.DTSExecResult results = pkg.Execute();
  I have recreate the application with again new connection in SSIS.
  Still not working, Please provide solution if any one have.
  DB : SQL Server 2008 R2
  Thanks and regards,
  Hardik Ramwani

  The connection "{79D920D4-9229-46CA-9018-235B711F04D9}" is not found. This error is thrown by Connections collection when the specific connection element is not found.
  Cannot find the connection manager with ID "{79D920D4-9229-46CA-9018-235B711F04D9}" in the connection manager collection due to error code 0xC0010009. That connection manager is needed by "OLE DB Destination.Connections[OleDbConnection]"
  in the connection manager collection of "OLE DB Destination". Verify that a connection manager in the connection manager collection, Connections, has been created with that ID.
  Are you sure that you are running the same package via .NET which works fine from Visual Studio?
  By reading error message, I can say that you have copied OLEDB task from another package OR you have deleted one OLEDB connection manager. Now when package is run this task tries to use the connection manager and not found thus throws error message.
  Open all OLEDB destination tasks and you find connection manager missing. Connection Manager name should be provided there
  Cheers,
  Vaibhav Chaudhari
  MCSA - SQL Server 2012