David Litchfield's Weblog


11/03/2007: "11g UTL_HTTP update"


So I've installed 11g on my laptop to revisit this. If you have the connect privilege for a host, you don't need the resolve privilege. Further, if you've been given the connect privilege for any host, you still don't need the resolve privilege:

SQL> EXEC DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(acl=>'www.xml', description=>'WWW ACL', principal=>'SCOTT', is_grant=>true, privilege=>'connect');

PL/SQL procedure successfully completed.

SQL> EXEC DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(acl=>'www.xml', host=>'*');

PL/SQL procedure successfully completed.

SQL> connect scott/tiger
Connected.
SQL> select utl_http.request('www.databasesecurity.com') from dual;

UTL_HTTP.REQUEST('WWW.DATABASESECURITY.COM')
------------------------------------------------------------------------------
"http://www.w3.org/TR/html4/loose.dtd">


Database Security
...
...
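Because a connect grant also covers name resolution, an audit of network ACLs has to treat every connect grant on a wildcard host as a resolve grant too. The following is an added example, not part of the original post: it lists wildcard grants from the 11g dictionary views and then narrows the www.xml assignment shown above; the single target host and port 80 are assumptions for illustration.

```sql
-- Audit: every principal with an ACL-granted connect or resolve privilege
-- on a wildcard host assignment. Run as a user who can read the DBA_ views.
SELECT a.host,
       a.lower_port,
       a.upper_port,
       a.acl,
       p.principal,
       p.privilege
FROM   dba_network_acls a
       JOIN dba_network_acl_privileges p ON p.aclid = a.aclid
WHERE  a.host LIKE '*%'                 -- '*' and '*.domain' style assignments
AND    p.privilege IN ('connect', 'resolve')
AND    p.is_grant = 'true'
ORDER  BY a.host, p.principal;

-- Remediation: drop the wildcard assignment and bind the ACL to the one
-- host and port the principal needs (host and port are assumed values).
BEGIN
  DBMS_NETWORK_ACL_ADMIN.UNASSIGN_ACL(acl => 'www.xml', host => '*');
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(
    acl        => 'www.xml',
    host       => 'www.databasesecurity.com',
    lower_port => 80,
    upper_port => 80);
  COMMIT;
END;
/
```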