Database Reference
In-Depth Information
Granting Access to UTL_MAIL
We are only going to allow one Oracle user to access the
UTL_MAIL
package: the
appsec
user. We will
include code in the
app_sec_pkg
package to send out 2-factor pass codes using
UTL_MAIL
. First, let's
enable our Security Administrator,
secadm
user to make entries in the database Access Control Lists
(ACLs). Have
SYS
make the grants shown in Listing 9-1, including grant execute on the
UTL_MAIL
package
to the
appsec_role
.
Listing 9-1.
Grant Access to UTL_MAIL, as SYS user
GRANT EXECUTE ON sys.dbms_network_acl_admin TO secadm_role;
GRANT EXECUTE ON sys.utl_mail TO appsec_role;
Then as
secadm
user, execute the commands in Listing 9-2 to establish access control list (ACL)
entries that will permit
appsec
to open port 25 and send e-mail. Be sure to edit the second command in
the listing, inserting the name of your corporate SMTP server into the “host” field.
Listing 9-2.
ACL Entries to Send E-Mail, as Secadm User
BEGIN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL (
acl => 'smtp_acl_file.xml',
description => 'Using SMTP server',
principal => 'APPSEC',
is_grant => TRUE,
privilege => 'connect',
start_date => SYSTIMESTAMP,
end_date => NULL);
COMMIT;
END;
/
BEGIN
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL (
acl => 'smtp_acl_file.xml',
host => 'smtp.org.com',
lower_port => 25,
upper_port => NULL);
COMMIT;
END;
/
Note
You can find a script of the commands in Listing 9-2 in the file named
Chapter9/SecAdm.sql.