Purpose
Provides an interface for configuring Oracle XML DB via its repository table xdb.xdb$config
AUTHID
CURRENT_USER
Constants
Name                  Data Type   Value
Constant number for 1st argument of setListenerEndPoint
XDB_ENDPOINT_HTTP     NUMBER      1
XDB_ENDPOINT_HTTP2    NUMBER      2
Constant number for 4th argument of setListenerEndPoint
XDB_PROTOCOL_TCP      NUMBER      1
XDB_PROTOCOL_TCPS     NUMBER      2
ON_DENY_NEXT_CUSTOM   NUMBER      1
ON_DENY_BASIC         NUMBER      2
Dependencies
DBMS_ASSERT
DBMS_STANDARD
DUAL
DBMS_GSM_CLOUDADMIN
DBMS_XDB
XDB$ROOT_INFO_V
DBMS_GSM_XDB
DBMS_XDB_LIB
XDB_REALM_VIEW
DBMS_PRIV_CAPTURE
DBMS_XMLDOM
XMLTYPE
Documented
Yes
Exceptions
Error Code   Reason
ORA-30952    Illegal configuration of HTTP/HTTPS in xdbconfig.xml
Adds a mapping from the authentication method name to a URL pattern (in xdb.xdb$config)
dbms_xdb_config.addAuthenticationMapping(
pattern IN VARCHAR2,
name IN VARCHAR2,
user_prefix IN VARCHAR2 := NULL,
on_deny IN NUMBER := NULL);
PRAGMA SUPPLEMENTAL_LOG_DATA(addAuthenticationMapping, UNSUPPORTED_WITH_COMMIT);
Adds to xdb.xdb$config a custom authentication method entry
dbms_xdb_config.addAuthenticationMethod(
name IN VARCHAR2,
description IN VARCHAR2,
implement_schema IN VARCHAR2,
implement_method IN VARCHAR2,
language IN VARCHAR2 := 'PL/SQL');
PRAGMA SUPPLEMENTAL_LOG_DATA(addAuthenticationMethod, UNSUPPORTED_WITH_COMMIT);
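-- Demo stub for implement_method: returns TRUE for every uname,
-- i.e. it performs no credential check at all.
CREATE OR REPLACE FUNCTION authfunc(uname IN VARCHAR2) RETURN BOOLEAN
AUTHID DEFINER AS
BEGIN
  RETURN TRUE;
END authfunc;
/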
Adds to xdb.xdb$config a mapping of the URL pattern to an expiration date. This will control the Expire headers for URLs matching the pattern
dbms_xdb_config.addHTTPExpireMapping(
pattern IN VARCHAR2,
expire IN VARCHAR2);
exec dbms_xdb_config.addHTTPExpireMapping('/public/test1/*', 'now plus 4 weeks');
exec dbms_xdb_config.addHTTPExpireMapping('/public/test2/*', 'modification plus 1 day 30 seconds');
SELECT * FROM xdb.xdb$config;
-- find the following section in the output:
<expire xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd">
<expire-mapping xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd">
<expire-pattern>/public/test1/*</expire-pattern>
<expire-default>now plus 4 weeks</expire-default>
</expire-mapping>
<expire-mapping xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd">
<expire-pattern>/public/test2/*</expire-pattern>
<expire-default>modification plus 1 day 30 seconds</expire-default>
</expire-mapping>
</expire>
dbms_xdb_config.addServlet(
name IN VARCHAR2,
language IN VARCHAR2,
dispname IN VARCHAR2,
icon IN VARCHAR2 := NULL,
descript IN VARCHAR2 := NULL,
class IN VARCHAR2 := NULL,
jspfile IN VARCHAR2 := NULL,
plsql IN VARCHAR2 := NULL,
schema IN VARCHAR2 := NULL);
dbms_xdb_config.addTrustMapping(
pattern IN VARCHAR2,
auth_name IN VARCHAR2,
trust_name IN VARCHAR2,
user_prefix IN VARCHAR2 := NULL);
PRAGMA SUPPLEMENTAL_LOG_DATA(addTrustMapping, UNSUPPORTED_WITH_COMMIT);
dbms_xdb_config.addTrustScheme(name IN VARCHAR2,
description IN VARCHAR2,
session_user IN VARCHAR2,
parsing_schema IN VARCHAR2,
system_level IN BOOLEAN := TRUE,
require_parsing_schema IN BOOLEAN := TRUE,
allow_registration IN BOOLEAN := TRUE);
PRAGMA SUPPLEMENTAL_LOG_DATA(addTrustScheme, UNSUPPORTED_WITH_COMMIT);
Adds the appropriate XML extension to the XDB configuration
dbms_xdb_config.addXMLExtension(extension IN VARCHAR2);
exec dbms_xdb_config.addXMLExtension('rels');
SELECT * FROM xdb.xdb$config;
-- find the following section in the output:
<xml-extensions xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd">
<extension xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd">rels</extension>
</xml-extensions>
Deletes a mapping from the authentication method name to a URL pattern (from xdb.xdb$config)
dbms_xdb_config.deleteAuthenticationMapping(
pattern IN VARCHAR2,
name IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(deleteAuthenticationMapping, UNSUPPORTED_WITH_COMMIT);
dbms_xdb_config.deleteTrustScheme(
name IN VARCHAR2,
system_level IN BOOLEAN := TRUE);
PRAGMA SUPPLEMENTAL_LOG_DATA(deleteTrustScheme, UNSUPPORTED_WITH_COMMIT);
Returns the parameters of a listener end point corresponding to the XML DB HTTP server. The parameters of both HTTP and HTTP2 end points can be retrieved by invoking this procedure.
dbms_xdb_config.getListenerEndPoint(
endpoint IN NUMBER,
host OUT VARCHAR2,
port OUT NUMBER,
protocol OUT NUMBER);
Returns the flag that determines if a servlet will permit/disable global port messages. If not defined the default value is returned, which is FALSE for the root and TRUE for PDBs
BEGIN
IF dbms_xdb_config.isGlobalPortEnabled THEN
dbms_output.put_line('Global Port Enabled');
ELSE
dbms_output.put_line('Global Port Not Enabled');
END IF;
END;
/
Global Port Enabled
Sets the parameters of a listener end point corresponding to the XML DB HTTP server. Both HTTP and HTTP2 end points can be set by invoking this procedure
dbms_xdb_config.setListenerEndPoint(
endpoint IN NUMBER,
host IN VARCHAR2,
port IN NUMBER,
protocol IN NUMBER);
Restricts all listener end points of the XML DB HTTP server to listen only on the localhost interface (when l_access is TRUE) or allows all listener end points of the XML DB HTTP server to listen on both localhost and non-localhost interfaces (when l_access is FALSE).
dbms_xdb_config.setListenerLocalAccess(l_access IN BOOLEAN);
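An added example (not from the original page or from Oracle's documentation) that uses getListenerEndPoint with the constants listed above to report both end points and flag cleartext TCP or non-loopback hosts; with the hypothetical l_apply switch set to TRUE it then calls setListenerLocalAccess(TRUE). Assumptions: a NULL or 0 port means the end point is not listening, and 'localhost', '127.0.0.1' and '::1' are the loopback host values.

```sql
-- Added example: audit the XML DB HTTP listener end points (SQL*Plus / SQLcl).
SET SERVEROUTPUT ON
DECLARE
  l_apply    CONSTANT BOOLEAN := FALSE;  -- hypothetical switch: TRUE applies the restriction
  l_host     VARCHAR2(4000);
  l_port     NUMBER;
  l_protocol NUMBER;
  l_findings PLS_INTEGER := 0;

  PROCEDURE check_endpoint(p_endpoint IN NUMBER, p_label IN VARCHAR2) IS
  BEGIN
    dbms_xdb_config.getListenerEndPoint(p_endpoint, l_host, l_port, l_protocol);
    -- Assumption: a NULL or 0 port means the end point is not listening.
    IF NVL(l_port, 0) = 0 THEN
      dbms_output.put_line(p_label || ': no port set');
      RETURN;
    END IF;
    dbms_output.put_line(p_label || ': host=' || NVL(l_host, '(null)') ||
                         ' port=' || l_port || ' protocol=' || l_protocol);
    -- XDB_PROTOCOL_TCP (1) is the non-TLS transport; XDB_PROTOCOL_TCPS (2) is TLS.
    IF l_protocol = dbms_xdb_config.XDB_PROTOCOL_TCP THEN
      l_findings := l_findings + 1;
      dbms_output.put_line('  FINDING: cleartext TCP, not TCPS');
    END IF;
    -- Assumption: these host values denote the loopback interface.
    IF LOWER(NVL(l_host, 'x')) NOT IN ('localhost', '127.0.0.1', '::1') THEN
      l_findings := l_findings + 1;
      dbms_output.put_line('  FINDING: host is not loopback');
    END IF;
  END check_endpoint;
BEGIN
  check_endpoint(dbms_xdb_config.XDB_ENDPOINT_HTTP,  'HTTP');
  check_endpoint(dbms_xdb_config.XDB_ENDPOINT_HTTP2, 'HTTP2');
  dbms_output.put_line('findings: ' || l_findings);
  IF l_apply AND l_findings > 0 THEN
    -- TRUE = all end points listen on the localhost interface only.
    dbms_xdb_config.setListenerLocalAccess(l_access => TRUE);
    dbms_output.put_line('listeners restricted to localhost');
  END IF;
END;
/
```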