In Oracle VPD / RLS, how is information leakage through malicious user predicates prevented?

I have been reading the documentation for Oracle VPD (Virtual Private Database, aka fine-grained access control, a policy-based security framework), and there is something I find hard to grasp. How does VPD prevent a user from leaking information through a malicious function in a WHERE clause?

Say you have a VPD policy that generates a static predicate, such as cust_no = SYS_CONTEXT('order_entry', 'cust_num') (for example, the one in the Oracle VPD tutorial).

This causes queries to be rewritten, so:

SELECT * FROM orders;

becomes:

SELECT * FROM orders 
  WHERE cust_no = SYS_CONTEXT('order_entry', 'cust_num');

Fine so far. But what if the user writes:

SELECT * FROM orders WHERE my_malicious_function(secret_column);

? my_malicious_function , , , , .

VPD , , - :

SELECT * FROM orders 
  WHERE cust_no = SYS_CONTEXT('order_entry', 'cust_num')
    AND my_malicious_function(secret_column);

Oracle WHERE. my_malicious_function -, , ? (, SYS_CONTEXT, , UDF).

, , VPD , . - ?

( , VPD , , , , . )


" " VPD, .

, :

SELECT * FROM orders WHERE my_malicious_function(secret_column);

:

SELECT * FROM (
  SELECT * FROM orders orders
  WHERE cust_no = SYS_CONTEXT('order_entry', 'cust_num')
)
WHERE my_malicious_function(secret_column);

, , VPD.

: http://docs.oracle.com/cd/E11882_01/appdev.112/e40758/d_rls.htm#i1005326

(, ) , . -

select c1, c2, ... from tab tab where <predicate>

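As an added example (not part of the question or the answer above), here is how the predicate from the question is installed as a VPD policy with DBMS_RLS, followed by a check that a user-supplied function in the WHERE clause is only ever evaluated against rows that already passed the policy. The schema names OE and SEC_ADMIN, the ORDERS columns, and the order_entry context being populated elsewhere (as in the tutorial) are assumptions.

```sql
-- Policy function: DBMS_RLS calls it with (schema, object) and uses the
-- returned string as the predicate of the inline view wrapped around ORDERS.
CREATE OR REPLACE FUNCTION sec_admin.orders_cust_policy (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2 AS
BEGIN
  -- Same predicate as in the question; the context is assumed to be
  -- set for the session by the tutorial's logon trigger.
  RETURN 'cust_no = SYS_CONTEXT(''order_entry'', ''cust_num'')';
END;
/
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'OE',
    object_name     => 'ORDERS',
    policy_name     => 'ORDERS_CUST_POLICY',
    function_schema => 'SEC_ADMIN',
    policy_function => 'ORDERS_CUST_POLICY',
    statement_types => 'SELECT');
END;
/
-- Check (assumed helper): a function that only counts how often it was
-- invoked and stores no row data. Under VPD it runs over the filtered view.
CREATE OR REPLACE PACKAGE probe_pkg AS
  calls NUMBER := 0;
  FUNCTION touch (p_val IN NUMBER) RETURN NUMBER;
END probe_pkg;
/
CREATE OR REPLACE PACKAGE BODY probe_pkg AS
  FUNCTION touch (p_val IN NUMBER) RETURN NUMBER IS
  BEGIN
    calls := calls + 1;
    RETURN 1;
  END touch;
END probe_pkg;
/
-- Run as an ordinary application user whose order_entry context is set.
SELECT COUNT(*) AS visible_rows
  FROM oe.orders
 WHERE probe_pkg.touch(order_total) = 1;
-- Expected: the call count equals visible_rows, i.e. the function never
-- saw a row of another customer, because VPD rewrote the query as
-- SELECT ... FROM (SELECT * FROM oe.orders WHERE <predicate>) WHERE probe...
BEGIN
  DBMS_OUTPUT.PUT_LINE('probe calls: ' || probe_pkg.calls);
END;
/
```

Run the SELECT and the final block in the same session (package state is per session), and compare the printed count with the row count returned; a higher call count would mean the user function was evaluated on rows outside the policy.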
