是否有使用 Oracle pl sql 的 http 请求的 utl_http 包的替代方案? [英] Is there an alternative to utl_http package for http request using Oracle pl sql?
问题描述
我已经尝试并测试过使用 UTL_HTTP 包来使用 oracle pl/sql 请求 http,但是由于一些需求问题,我不允许在我的工作中使用这个包,所以我在 oracle 中寻找这个包的替代品pl/sql 请求 http.
I have already tried and tested using UTL_HTTP package to request http using oracle pl/sql but due to some requirement issues I am not allowed to use this package in my work, so I am looking for an alternative of this package in oracle pl/sql to request http.
推荐答案
不需要替代 UTL_HTTP,该包只是由于对安全规则的误解而无法使用.请您的 DBA 将 UTL_HTTP 上的执行授予公共、角色或您的帐户.
There is no need for an alternate to UTL_HTTP, that package is only unavailable because of a misunderstanding of the security rules. Ask your DBA to grant execute on UTL_HTTP to public, a role, or your account.
了解安全规则的来源以及它们何时不再适用很重要.大多数 DBA 不知道他们的安全策略来自哪里.他们中的大多数只是从同事那里获取脚本或策略,而不会对其提出质疑.如果您要追溯它,您组织中的某个人很可能从安全审计员那里收到了一个脚本.安全审计员几乎总是从mod制作的安全技术实施指南 (STIG) 中逐字复制他们的脚本.
It's important to know where the security rules came from, to know when they no longer apply. Most DBAs have no idea where their security policies originate from. Most of them simply get the scripts or policies from a coworker and don't question it. If you were to trace it back, it's likely that someone at your organization received a script from a security auditor. The security auditors almost always copy their script verbatim from the Security Technical Implementation Guide (STIG), produced by the Department of Defense.
这意味着可以在 11g Oracle STIG 或 12c Oracle STIG一>.
Which means the real security policies can be found in either the 11g Oracle STIG or the 12c Oracle STIG.
11g 指南的 XML 文件包含以下规则:SV-68213r1_rule,必须从 PUBLIC 撤销受限 Oracle 包的执行权限."该规则建议执行以下命令:
The XML file for the 11g guide contains this rule: SV-68213r1_rule, "Execute permission must be revoked from PUBLIC for restricted Oracle packages." That rule recommends executing this command:
revoke execute on UTL_HTTP from PUBLIC;
但是该指南明确表示可以将执行权限授予特定用户.规则只是撤销 PUBLIC 的授权,而不是阻止每个人使用该包.而这条规则甚至在 12c 中都不存在.
But the guide clearly says that it is OK to grant execute privileges to specific users. The rule is only to revoke the grant from PUBLIC, not to prevent everyone from using the package. And that rule does not even exist in 12c.
这篇关于是否有使用 Oracle pl sql 的 http 请求的 utl_http 包的替代方案?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
