Summary of Threats

Several types of threats could be used to compromise the Oracle Database Cloud Schema Service, and some specific areas are potential security weaknesses.

  • Any interaction with the operating system or file system including:

    • The use of BFILEs or external LOBs, operating system ACLs, database DIRECTORY capabilities and any option, feature or supplied PL/SQL package that allows file handling (UTL_FILE, DBFS, XDB, etc.)

  • Any native interaction with the network including:

    • Any database capability that provides access to TCP sockets, HTTP or SMTP requests, hostname or IP address lookup, Oracle Streams or Advanced Queues, database links, replication operations, network ACLs or other options, features or supplied PL/SQL that has network access or permissions. Inbound and outbound Web Service requests are allowed through the use of inbound RESTful Web Services or using the Oracle Application Express Web Services APIs for calling external services. Sending email is also allowed using the Oracle Application Express Mail API, within the limits described below.

  • Database operations that might allow one tenant user to access another tenant’s data or code including:

    • Any GRANTs on anything to anyone, or any option, feature or supplied PL/SQL that provides granted access to PUBLIC, ANONYMOUS or APEX_PUBLIC_USER.

    • Tenant users who own objects with “coded identifiers” that could allow cross-schema access.

    • Any database view that may allow a tenant user to access any information about another tenant. (For example, all DBA_% or V$% data dictionary views and some ALL_% data dictionary views).

  • Database operations that might impact the integrity of the service or another user.

    • This covers controlling a tenant’s use of any shared system resources, where the tenant could reduce the availability of those resources, either accidentally or maliciously. These shared resources include CPU, I/O, memory or any internal objects or handles that use CPU, I/O and memory. This also includes anything stored in the SYSTEM tablespace, TEMP or UNDO tablespaces.

  • Database operations that might be used to launch a denial of service (DoS) attack on the database service itself or on some other system.

    • This consists of many of the threats already mentioned, but specifically includes code that can easily create an attack, like job scheduling.
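
An audit query for the grants to PUBLIC, ANONYMOUS and APEX_PUBLIC_USER named in the list above, added here as an example and not taken from Oracle's own documentation. It assumes an account that can read the DBA_ dictionary views; the choice of packages and their threat-area labels (UTL_TCP, UTL_HTTP, UTL_SMTP, UTL_INADDR, DBMS_SCHEDULER, DBMS_JOB alongside UTL_FILE) is this example's mapping of the categories above, not a list from the page.

```sql
-- Added example: find privileges that every tenant session inherits through
-- PUBLIC, ANONYMOUS or APEX_PUBLIC_USER and label them by threat area.
WITH shared_grantees AS (
  SELECT 'PUBLIC' AS grantee FROM dual UNION ALL
  SELECT 'ANONYMOUS'         FROM dual UNION ALL
  SELECT 'APEX_PUBLIC_USER'  FROM dual
),
risky_packages AS (           -- assumption: this mapping is the example's own
  SELECT 'UTL_FILE' AS object_name, 'file system' AS threat_area FROM dual UNION ALL
  SELECT 'UTL_TCP',        'network'        FROM dual UNION ALL
  SELECT 'UTL_HTTP',       'network'        FROM dual UNION ALL
  SELECT 'UTL_SMTP',       'network'        FROM dual UNION ALL
  SELECT 'UTL_INADDR',     'network'        FROM dual UNION ALL
  SELECT 'DBMS_SCHEDULER', 'job scheduling' FROM dual UNION ALL
  SELECT 'DBMS_JOB',       'job scheduling' FROM dual
)
-- 1. EXECUTE (or other) grants on the supplied packages listed above
SELECT p.grantee, p.owner, p.table_name AS object_name,
       p.privilege, r.threat_area
FROM   dba_tab_privs p
JOIN   shared_grantees g ON g.grantee = p.grantee
JOIN   risky_packages  r ON r.object_name = p.table_name
WHERE  p.owner = 'SYS'
UNION ALL
-- 2. READ/WRITE grants on DIRECTORY objects (file system access)
SELECT p.grantee, p.owner, p.table_name,
       p.privilege, 'file system (DIRECTORY)'
FROM   dba_tab_privs p
JOIN   shared_grantees g ON g.grantee = p.grantee
JOIN   dba_directories d ON d.owner = p.owner
                        AND d.directory_name = p.table_name
UNION ALL
-- 3. "ANY" system privileges, which reach into other tenants' schemas
SELECT s.grantee, CAST(NULL AS VARCHAR2(128)), CAST(NULL AS VARCHAR2(128)),
       s.privilege, 'cross-tenant access'
FROM   dba_sys_privs s
JOIN   shared_grantees g ON g.grantee = s.grantee
WHERE  s.privilege LIKE '% ANY %'
ORDER  BY 5, 1, 3;
```

An empty result means none of these privileges are exposed through the three shared grantees; each returned row is a grant to review against the threat area in the last column.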