Home » RDBMS Server » Security » DEBUG ANY PROCEDURE (DB12.1.0.2)
DEBUG ANY PROCEDURE [message #657812] Wed, 23 November 2016 07:40 Go to next message
John Watson
Messages: 8929
Registered: January 2010
Location: Global Village
Senior Member
A developer has asked me to grant him DEBUG CONNECT SESSION and DEBUG ANY PROCEDURE so that he can use DBMS_DEBUG_JDWP. I'm not familiar with this, and what concerns me is security. Would I be giving the developer access to all the code in the database? Or is there any other risk? There is no privilege DEBUG PROCEDURE.

Thank you for any insight.

[Edit MC: fix title typo]

[Updated on: Wed, 23 November 2016 10:10] by Moderator

Report message to a moderator

Re: DBBUG ANY PROCEDURE [message #657813 is a reply to message #657812] Wed, 23 November 2016 07:57 Go to previous messageGo to next message
Littlefoot
Messages: 21807
Registered: June 2005
Location: Croatia, Europe
Senior Member
Account Moderator
Well, I'm probably not the best person to answer this. Anyway: in order to use TOAD debugger, one has to have granted the following privileges:
- execute on dbms_debug
- debug any procedure
- debug connect session
Therefore, I'd say that developer knows what he needs.

Besides, that's what I granted myself (when I had a database and SYS password), but I didn't check whether I have access to ALL the code, so ...

Report message to a moderator

Re: DBBUG ANY PROCEDURE [message #657815 is a reply to message #657812] Wed, 23 November 2016 08:36 Go to previous messageGo to next message
gazzag
Messages: 1118
Registered: November 2010
Location: Bedwas, UK
Senior Member
As long as it is only on a Dev system I'd have no issue, personally.

Report message to a moderator

Re: DBBUG ANY PROCEDURE [message #657816 is a reply to message #657812] Wed, 23 November 2016 08:36 Go to previous messageGo to next message
Michel Cadot
Messages: 68641
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator

Yes, DEBUG ANY PROCEDURE gives access to all stored code, give DEBUG on the procedure/package/type/Java source/... user actually needs to debug.

Report message to a moderator

Re: DBBUG ANY PROCEDURE [message #657817 is a reply to message #657815] Wed, 23 November 2016 08:37 Go to previous messageGo to next message
John Watson
Messages: 8929
Registered: January 2010
Location: Global Village
Senior Member
The trouble is that there are several customers hosted in the same dev database: there each have their own schema.

Report message to a moderator

Re: DBBUG ANY PROCEDURE [message #657818 is a reply to message #657813] Wed, 23 November 2016 08:39 Go to previous messageGo to next message
John Watson
Messages: 8929
Registered: January 2010
Location: Global Village
Senior Member
Thank you for replying, actually I can't make it work anyway. Bizarre errors to do with networking. It's an AWS instance which complicates everything.

Report message to a moderator

Re: DBBUG ANY PROCEDURE [message #657819 is a reply to message #657816] Wed, 23 November 2016 08:39 Go to previous messageGo to next message
John Watson
Messages: 8929
Registered: January 2010
Location: Global Village
Senior Member
Right, that is what I was worried about. Thankyou.

Report message to a moderator

Re: DBBUG ANY PROCEDURE [message #657820 is a reply to message #657817] Wed, 23 November 2016 08:39 Go to previous messageGo to next message
gazzag
Messages: 1118
Registered: November 2010
Location: Bedwas, UK
Senior Member
Ah, in that case I'd be wary. I'd go with Michel's solution.

Or Oracle 12c Wink

Report message to a moderator

Re: DBBUG ANY PROCEDURE [message #657821 is a reply to message #657817] Wed, 23 November 2016 08:41 Go to previous messageGo to next message
cookiemonster
Messages: 13920
Registered: September 2008
Location: Rainy Manchester
Senior Member
So knock up a little dynamic SQL script to grant the developer debug on every procedure belonging to the appropriate schema.

Report message to a moderator

Re: DBBUG ANY PROCEDURE [message #657822 is a reply to message #657821] Wed, 23 November 2016 08:47 Go to previous message
John Watson
Messages: 8929
Registered: January 2010
Location: Global Village
Senior Member
Well, possibly.
Thank you everyone.

Report message to a moderator

Previous Topic: Prevent any query that makes simultaneous references to mutually exclusive columns.
Next Topic: connecting sqlplus without password
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Apr 18 17:37:30 CDT 2024
.:: Forum Home :: Blogger Home :: Wiki Home :: Contact :: Privacy ::.