Oracle Database 11 g - Online Public Access Catalog

252 CHAPTER 5 ■ DATABASE SECURITYAssign HostsThe ASSIGN_ACL procedure is used to authorize access to one or more network hosts. The networkhost can be internal or external to the company. In this particular example, you are allowingthe database to be able to make HTTP calls to the dbaexpert.com web site. The dbaexpert.comsite is a four-CPU server running Debian Linux version 2.4.1 BEGIN2 DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL (3 acl => 'dba.xml',4 host => 'dbaexpert.com',5 lower_port => 80,6 upper_port => 443);7* END;8 /PL/SQL procedure successfully completed.The lower port and upper port parameters are null by default. You should preface thelower and upper port ranges for tighter security. The lower port defines the lower boundariesof the allowable port ranges. The upper port defines the upper boundaries for the allowableport ranges. These port ranges should be defined only for connect privileges; they should notbe set for resolve privileges. There is another caveat to the port ranges. If you omit one of theparameters but define the other, then both parameters take the value of the one you provided.For example, if you set lower_port to 80 and do not define the port value for upper_port, theupper_port parameter automatically inherits the value of 80.■Tip You can use the XML DB HTTP protocol to view the contents of the dba.xml file. You can view thedba.xml ACL for this particular server using this URL: http://rac104.dbaexpert.com:8080/sys/acls/dba.xml.Since you created the ACL, assigned privileges/principals, and authorized network entities,you can validate that the ACL permissions worked accordingly. Take a look at the UTL_HTTP.REQUEST API to retrieve a web page from the dbaexpert.com web site to confirm that thenetwork access rights work as planned:SQL> select utl_http.request('http://www.dbaexpert.com') from dual;UTL_HTTP.REQUEST('HTTP://WWW.DBAEXPERT.COM')--------------------------------------------------------------------------------