Home » RDBMS Server » Security » execute on dbms_lock (db 12.2)
execute on dbms_lock [message #670406] Tue, 03 July 2018 04:45 Go to next message
John Watson
Messages: 8922
Registered: January 2010
Location: Global Village
Senior Member
For a process I'm developing, it would be helpful if I grant execute on dbms_lock to public. Does anyone think there would be a problem with doing this?

I notice that in release 18 dbms_lock.sleep is deprecated and replaced with dbms_session.sleep, so Uncle Oracle must think that dbms_lock could cause problems.

Thank you for any insight.

[Updated on: Tue, 03 July 2018 05:24]

Report message to a moderator

Re: execute on dbms_lock [message #670427 is a reply to message #670406] Wed, 04 July 2018 03:19 Go to previous messageGo to next message
Frank Naude
Messages: 4579
Registered: April 1998
Senior Member
Granting DBMS_LOCK to PUBLIC may expose your database to DoS attacks.

https://docs.oracle.com/en/database/oracle/oracle-database/18/arpls/DBMS_LOCK.html
There might be operating system-specific limits on the maximum number of total locks available. This must be considered when using locks or making this package available to other users. Consider granting the EXECUTE privilege only to specific users or roles.
...
A better alternative would be to create a cover package limiting the number of locks used and grant EXECUTE privilege to specific users.
Re: execute on dbms_lock [message #670433 is a reply to message #670427] Wed, 04 July 2018 08:55 Go to previous message
John Watson
Messages: 8922
Registered: January 2010
Location: Global Village
Senior Member
Ah, I hadn't thought of a DoS attack. It isn't a problem in this case, as the only S the client would be D'ing would be his own access. None the less, I guess I'd better try to find another way.

Thank you.
Previous Topic: Oracle Password Complexity setup
Next Topic: Securing Marketing Automation
Goto Forum:
  


Current Time: Thu Mar 28 12:57:20 CDT 2024