Security.disableDefaultExclusionList Doesn't Work In ORDS 19.1
(Doc ID 2613220.1)
Last updated on JULY 29, 2020
Applies to:
Oracle REST Data Services - Version 19.1 and laterInformation in this document applies to any platform.
Symptoms
In the ORDS 19.1 in case if you want to deal with PLSQL requests. like sys.*
dbms_*
utl_*
owa_*
owa.*
htp.*
htf.*
The database procedures which were blocked in the old version OHS can be processed now in the URL, i.e. utl_*.
This should be blocked by security.disableDefaultExclusionList by default. But even if you tried add the parameter in defaults.xml and set value to "false",
still end users can run utl_* in the URL if they are in not in SYS Schema.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Cause |
Solution |
References |