Security.disableDefaultExclusionList Doesn't Work In ORDS 19.1
(Doc ID 2613220.1)
Last updated on JULY 29, 2020
Applies to: Oracle REST Data Services - Version 19.1 and later
Information in this document applies to any platform.
In ORDS 19.1, when handling PL/SQL requests such as sys.*, database procedures that were blocked in the old version of OHS (i.e. utl_*) can now be processed through the URL.
These should be blocked by default through security.disableDefaultExclusionList. However, even if you add the parameter to defaults.xml and set its value to "false", end users can still run utl_* in the URL if they are not in the SYS schema.