Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 1.

Similar presentations


Presentation on theme: "Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 1."— Presentation transcript:

1 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 1

2 12 More things about Oracle Database 12c Thomas Kyte

3 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 12 of the corporate presentation template 3  The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. Small print

4 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 4 #1 Invisible Columns

5 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 5 Invisible Columns ops$tkyte%ORA12CR1> create table t 2 ( x int, 3 y int 4 ) 5 / Table created. ops$tkyte%ORA12CR1> insert into t values ( 1, 2 ); 1 row created.

6 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 6 Invisible Columns ops$tkyte%ORA12CR1> alter table t add ( z int INVISIBLE ); Table altered.

7 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 7 Invisible Columns ops$tkyte%ORA12CR1> desc t Name Null? Type X NUMBER(38) Y NUMBER(38)

8 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 8 Invisible Columns ops$tkyte%ORA12CR1> insert into t values ( 3, 4 ); 1 row created.

9 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 9 Invisible Columns ops$tkyte%ORA12CR1> select * from t; X Y

10 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Invisible Columns ops$tkyte%ORA12CR1> insert into t (x,y,z) values ( 5,6,7 ); 1 row created. ops$tkyte%ORA12CR1> select x, y, z from t; X Y Z

11 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Invisible Columns ops$tkyte%ORA12CR1> alter table t modify z visible; Table altered. ops$tkyte%ORA12CR1> select * from t; X Y Z

12 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Add a column in the “middle” ops$tkyte%ORA12CR1> create table t 2 ( a int, 3 b int, 4 d int, 5 e int 6 ); Table created.

13 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Add a column in the “middle” ops$tkyte%ORA12CR1> alter table t modify ( d invisible, e invisible ); Table altered. ops$tkyte%ORA12CR1> alter table t add c int; Table altered. ops$tkyte%ORA12CR1> alter table t modify ( d visible, e visible ); Table altered.

14 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Add a column in the “middle” ops$tkyte%ORA12CR1> desc t Name Null? Type A NUMBER(38) B NUMBER(38) C NUMBER(38) D NUMBER(38) E NUMBER(38)

15 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide #2 Invokers Rights

16 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Invokers Rights  Invokers Rights routines ran with the privileges of the invoker  The invoker might be much higher privileged than the owner of the procedure  Can be used to ‘steal’ privileges by the owner

17 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Invokers Rights create or function seemingly_nice_utility authid current_user as begin execute immediate ‘grant dba to me’; do_something_useful; end; If that seemingly nice routine was executed by a highly privileged user, the owner of this nice utility would become a DBA

18 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Invokers Rights ops$tkyte%ORA12CR1> create or replace 2 function injectable( p_date in date ) 3 return number 4 as 5 l_sql varchar2(1000); 6 l_cnt number; 7 begin 8 dbms_output.put_line( 'enter' ); 9 l_sql := ' 10 select count(*) into :n from all_users 11 where created = ''' || p_date || ''''; dbms_output.put_line( l_sql ); 14 execute immediate l_sql into l_cnt; 15 return l_cnt; 16 end; Or suppose you have a SQL injectable routine…

19 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Invokers Rights ops$tkyte%ORA12CR1> exec dbms_output.put_line( injectable( sysdate ) ) enter select count(*) into :n from all_users where created = '28-SEP-12' 0 PL/SQL procedure successfully completed. That is what the developer is expecting and in fact what the developer has always seen… But…

20 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Invokers Rights scott%ORA12CR1> create or replace 2 function nefarious 3 return date 4 authid current_user 5 as 6 pragma autonomous_transaction; 7 begin 8 dbms_output.put_line( 'in routine' ); 9 execute immediate 'grant dba to scott'; 10 dbms_output.put_line( 'granted' ); 11 return sysdate; 12 end; 13 / Function created. Scott knows this SQL injection bug exists, Scott knows the owner of the bad code is highly privileged, Scott has connect and resource..

21 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Invokers Rights scott%ORA12CR1> grant execute on nefarious to ops$tkyte; Grant succeeded. scott%ORA12CR1> alter session set nls_date_format = '"'' or scott.nefarious() is not null--"'; Session altered. scott%ORA12CR1> select sysdate from dual; SYSDATE ' or scott.nefarious() is not null-- That is a surprise to many people…

22 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Invokers Rights scott%ORA12CR1> select * from session_roles; ROLE CONNECT RESOURCE scott%ORA12CR1> exec dbms_output.put_line( ops$tkyte.injectable(sysdate) ) enter select count(*) into :n from all_users where created = '' or scott.nefarious() is not null--' in routine granted 38 PL/SQL procedure successfully completed. All we have to do is trick that highly privileged user into running for us, just as I did here.. And then….

23 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Invokers Rights scott%ORA12CR1> connect scott/tiger Connected. scott%ORA12CR1> select * from session_roles; ROLE CONNECT RESOURCE DBA SELECT_CATALOG_ROLE EXECUTE_CATALOG_ROLE … XDB_SET_INVOKER OLAP_DBA OLAP_XS_ADMIN PLUSTRACE 22 rows selected. Not good…

24 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Invokers Rights  Two new privileges: – INHERIT PRIVILEGES  By default PUBLIC has INHERIT PRIVILEGES on all newly created and upgraded user accounts  Hence it works the same in 12c by default  Consider revoke inherit privileges on user username from public – INHERIT ANY PRIVILEGES  Use sparingly

25 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Invokers Rights scott%PDB1> exec dbms_output.put_line( ops$tkyte.injectable(sysdate) ) enter select count(*) into :n from all_users where created = '' or scott.nefarious() is not null--' BEGIN dbms_output.put_line( ops$tkyte.injectable(sysdate) ); END; * ERROR at line 1: ORA-06598: insufficient INHERIT PRIVILEGES privilege ORA-06512: at "SCOTT.NEFARIOUS", line 1 ORA-06512: at "OPS$TKYTE.INJECTABLE", line 15 ORA-06512: at line 1 After issuing the revoke, the schema containing code that is potentially SQL injectable (pretty much most any application schema!) cannot be exploited this way

26 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide #3 Multiple Same Column Indexes

27 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Indexing ops$tkyte%ORA11GR2> create table t ( x int, y int, z int ); Table created. ops$tkyte%ORA11GR2> create index t_idx on t(x,y); Index created. ops$tkyte%ORA11GR2> create bitmap index t_idx2 on t(x,y); create bitmap index t_idx2 on t(x,y) * ERROR at line 1: ORA-01408: such column list already indexed ops$tkyte%ORA11GR2> create bitmap index t_idx2 on t(x,y) invisible; create bitmap index t_idx2 on t(x,y) invisible * ERROR at line 1: ORA-01408: such column list already indexed

28 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Indexing ops$tkyte%ORA12CR1> create table t ( x int, y int, z int ); Table created. ops$tkyte%ORA12CR1> create index t_idx on t(x,y); Index created. ops$tkyte%ORA12CR1> create bitmap index t_idx2 on t(x,y) invisible; Index created.

29 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Indexing ops$tkyte%ORA12CR1> alter session set optimizer_use_invisible_indexes=true; Session altered. ops$tkyte%ORA12CR1> exec dbms_stats.set_table_stats ( user, 'T', numrows => , numblks => ); PL/SQL procedure successfully completed.

30 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Indexing ops$tkyte%ORA12CR1> set autotrace traceonly explain ops$tkyte%ORA12CR1> select count(*) from t; | Id | Operation | Name | Rows | Cost (%CPU)| | 0 | SELECT STATEMENT | | 1 | 0 (0)| | 1 | SORT AGGREGATE | | 1 | | | 2 | BITMAP CONVERSION COUNT | | 1000K| | | 3 | BITMAP INDEX FAST FULL SCAN| T_IDX2 | | |

31 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide #4 Temporal Validity

32 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Temporal Validity ops$tkyte%ORA12CR1> create table addresses 2 ( empno number, 3 addr_data varchar2(30), 4 start_date date, 5 end_date date, 6 period for valid(start_date,end_date) 7 ) 8 / Table created.

33 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Temporal Validity ops$tkyte%ORA12CR1> insert into addresses (empno, addr_data, start_date, end_date ) 2 values ( 1234, '123 Main Street', trunc(sysdate-5), trunc(sysdate-2) ); 1 row created. ops$tkyte%ORA12CR1> insert into addresses (empno, addr_data, start_date, end_date ) 2 values ( 1234, '456 Fleet Street', trunc(sysdate-1), trunc(sysdate+1) ); 1 row created. ops$tkyte%ORA12CR1> insert into addresses (empno, addr_data, start_date, end_date ) 2 values ( 1234, '789 1st Ave', trunc(sysdate+2), null ); 1 row created.

34 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Temporal Validity ops$tkyte%ORA12CR1> select * from addresses; EMPNO ADDR_DATA START_DAT END_DATE Main Street 12-MAY MAY Fleet Street 16-MAY MAY st Ave 19-MAY-13

35 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Temporal Validity ops$tkyte%ORA12CR1> select * from addresses as of period for valid sysdate-3; EMPNO ADDR_DATA START_DAT END_DATE Main Street 12-MAY MAY-13 ops$tkyte%ORA12CR1> select * from addresses as of period for valid sysdate; EMPNO ADDR_DATA START_DAT END_DATE Fleet Street 16-MAY MAY-13 ops$tkyte%ORA12CR1> select * from addresses as of period for valid sysdate+3; EMPNO ADDR_DATA START_DAT END_DATE st Ave 19-MAY-13

36 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide #5 SQL Text Expansion

37 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide SQL Text Expansion ops$tkyte%ORA12CR1> variable x clob ops$tkyte%ORA12CR1> begin 2 dbms_utility.expand_sql_text 3 ( input_sql_text => 'select * from all_users', 4 output_sql_text => :x ); 5 end; 6 / PL/SQL procedure successfully completed.

38 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide SQL Text Expansion ops$tkyte%ORA12CR1> print x X SELECT "A1"."USERNAME" "USERNAME","A1"."USER_ID" "USER_ID","A1"."CREATED" "CREAT ED","A1"."COMMON" "COMMON" FROM (SELECT "A4"."NAME" "USERNAME","A4"."USER#" "US ER_ID","A4"."CTIME" "CREATED",DECODE(BITAND("A4"."SPARE1",128),128,'YES','NO') " COMMON" FROM "SYS"."USER$" "A4","SYS"."TS$" "A3","SYS"."TS$" "A2" WHERE "A4"."DA TATS#"="A3"."TS#" AND "A4"."TEMPTS#"="A2"."TS#" AND "A4"."TYPE#"=1) "A1"

39 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide SQL Text Expansion ops$tkyte%ORA12CR1> create or replace 2 function my_security_function( p_schema in varchar2, 3 p_object in varchar2 ) 4 return varchar2 5 as 6 begin 7 return 'owner = USER'; 8 end; 9 / Function created.

40 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide SQL Text Expansion ops$tkyte%ORA12CR1> create table my_table 2 ( data varchar2(30), 3 OWNER varchar2(30) default USER 4 ) 5 / Table created.

41 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide SQL Text Expansion ops$tkyte%ORA12CR1> begin 2 dbms_rls.add_policy 3 ( object_schema => user, 4 object_name => 'MY_TABLE', 5 policy_name => 'MY_POLICY', 6 function_schema => user, 7 policy_function => 'My_Security_Function', 8 statement_types => 'select, insert, update, delete', 9 update_check => TRUE ); 10 end; 11 / PL/SQL procedure successfully completed.

42 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide SQL Text Expansion ops$tkyte%ORA12CR1> begin 2 dbms_utility.expand_sql_text 3 ( input_sql_text => 'select * from my_table', 4 output_sql_text => :x ); 5 end; 6 / PL/SQL procedure successfully completed. ops$tkyte%ORA12CR1> print x X SELECT "A1"."DATA" "DATA","A1"."OWNER" "OWNER" FROM (SELECT "A2"."DATA" "DATA", "A2"."OWNER" "OWNER" FROM "OPS$TKYTE"."MY_TABLE" "A2" WHERE "A1"

43 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide #6 Partial Indexes

44 Copyright © 2012, Oracle and/or its affiliates. All rights reserved. 44 Enhanced Indexing with Oracle Partitioning  Local indexes  Non-partitioned or partitioned global indexes  Usable or unusable index segments – Non-persistent status of index, no relation to table Indexing prior to Oracle Database 12c

45 Copyright © 2012, Oracle and/or its affiliates. All rights reserved. 45 Enhanced Indexing with Oracle Partitioning  Local indexes  Non-partitioned or partitioned global indexes  Usable or unusable index segments – Non-persistent status of index, no relation to table  Partial local and global indexes – Partial indexing introduces table and [sub]partition level metadata – Leverages usable/unusable state for local partitioned indexes – Policy for partial indexing can be overwritten Indexing with Oracle Database 12c

46 Copyright © 2012, Oracle and/or its affiliates. All rights reserved. 46 Partial indexes span only some partitions Applicable to local and global indexes Complementary to full indexing Enhanced business modeling Enhanced Indexing with Oracle Partitioning Partial Local and Global Indexes Global Non-Partitioned Index Table Partition Table Partition Table Partition Global Partitioned Index Local Partitioned Index Partial Global Index Partial Local Partitioned Index Partial Global Partitioned Index Full Indexing Indexing on Partial Indexes Indexing off No Indexing

47 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Partial Indexing ops$tkyte%ORA12CR1> create table t 2 ( a int, 3 b int, 4 c int, 5 d int, 6 e int 7 ) 8 partition by range (a) 9 (partition p1 values less than (100) indexing on, 10 partition p2 values less than (200) indexing off, 11 partition p3 values less than (300) indexing on 12 ); Table created.

48 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Partial Indexing ops$tkyte%ORA12CR1> begin 2 dbms_stats.set_table_stats 3 ( user, 'T', numrows=> , numblks => ); 4 end; 5 / PL/SQL procedure successfully completed. ops$tkyte%ORA12CR1> select partition_name, high_value, indexing 2 from user_tab_partitions 3 where table_name = 'T'; PARTITION_ HIGH_VALUE INDE P1 100 ON P2 200 OFF P3 300 ON

49 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Partial Indexing ops$tkyte%ORA12CR1> create index t_idx_b on t(b) local indexing partial; Index created. ops$tkyte%ORA12CR1> create index t_idx_c on t(c) local; Index created. ops$tkyte%ORA12CR1> create index t_idx_d on t(d) global indexing partial; Index created. ops$tkyte%ORA12CR1> create index t_idx_e on t(e) global; Index created.

50 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Partial Indexing ops$tkyte%ORA12CR1> select index_name, partition_name, status 2 from user_ind_partitions 3 where index_name in ( 'T_IDX_B', 'T_IDX_C' ) 4 order by 1,2; INDEX_NAME PARTITION_ STATUS T_IDX_B P1 USABLE T_IDX_B P2 UNUSABLE T_IDX_B P3 USABLE T_IDX_C P1 USABLE T_IDX_C P2 USABLE T_IDX_C P3 USABLE 6 rows selected.

51 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Partial Indexing ops$tkyte%ORA12CR1> select index_name, indexing, status 2 from user_indexes 3 where index_name in ( 'T_IDX_D', 'T_IDX_E' ) 4 order by 1; INDEX_NAME INDEXIN STATUS T_IDX_D PARTIAL VALID T_IDX_E FULL VALID

52 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Partial Indexing ops$tkyte%ORA12CR1> select count(*) from t where b = 2; | Id | Operation | Name | Rows | Pstart| Pstop | | 0 | SELECT STATEMENT | | | | | | 1 | SORT AGGREGATE | | 1 | | | | 2 | VIEW | VW_TE_2 | 549 | | | | 3 | UNION-ALL | | | | | | 4 | PARTITION RANGE OR | | 524 | KEY(OR)|KEY(OR)| |* 5 | TABLE ACCESS BY LOCAL INDEX ROWID BATCHED| T | 524 | KEY(OR)|KEY(OR)| |* 6 | INDEX RANGE SCAN | T_IDX_B | 1 | KEY(OR)|KEY(OR)| | 7 | PARTITION RANGE SINGLE | | 25 | 2 | 2 | |* 8 | TABLE ACCESS FULL | T | 25 | 2 | 2 | Predicate Information (identified by operation id): filter(("T"."A" =200 AND "T"."A"<300))) 6 - access("B"=2) 8 - filter("B"=2)

53 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Partial Indexing ops$tkyte%ORA12CR1> select count(*) from t where d = 2 and a = 1; |Id | Operation |Name | Rows |Pstart|Pstop| | 0| SELECT STATEMENT | | | | | | 1| SORT AGGREGATE | | 1| | | |* 2| TABLE ACCESS BY GLOBAL INDEX ROWID BATCHED|T | 100| 1 | 1| |* 3| INDEX RANGE SCAN |T_IDX_D| 1| | | Predicate Information (identified by operation id): filter("A"=1) 3 - access("D"=2)

54 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Partial Indexing ops$tkyte%ORA12CR1> select count(*) from t where d = 2 and a = 101; | Id | Operation | Name | Rows || Pstart| Pstop | | 0 | SELECT STATEMENT | | || | | | 1 | SORT AGGREGATE | | 1 || | | | 2 | PARTITION RANGE SINGLE| | 100 || 2 | 2 | |* 3 | TABLE ACCESS FULL | T | 100 || 2 | 2 | Predicate Information (identified by operation id): filter(("D"=2 AND "A"=101))

55 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide #7 Online Operations

56 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide More Online Operations  DROP INDEX ONLINE  DROP CONSTRAINT ONLINE  SET UNUSED COLUMN ONLINE  ALTER INDEX UNUSABLE ONLINE  ALTER INDEX [VISIBLE | INVISIBLE]

57 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Online Operations ops$tkyte%ORA12CR1> create table t 2 ( a int, 3 b int, 4 c int, 5 d int 6 ) 7 / Table created. ops$tkyte%ORA12CR1> insert into t values ( 1, 2, 3, 4 ); 1 row created. ops$tkyte%ORA12CR1> commit; Commit complete.

58 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Online Operations ops$tkyte%ORA12CR1> update t set b = 42; 1 row updated. ops$tkyte%ORA12CR1> select * from t; A B C D

59 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Online Operations ops$tkyte%ORA12CR1> declare 2 pragma autonomous_transaction; 3 begin 4 execute immediate 'alter table t set unused column d online'; 5 end; 6 / PL/SQL procedure successfully completed.

60 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Online Operations ops$tkyte%ORA12CR1> select * from t; A B C ops$tkyte%ORA12CR1> rollback; Rollback complete. ops$tkyte%ORA12CR1> select * from t; A B C

61 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide #8 Implicit Result Sets

62 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Implicit Result Sets  Cursor variables have been around since 7.2  Used to return result sets explicitly  Some other databases return them implicitly  Causes migration headaches

63 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Implicit Result Sets  Two new API calls: – PROCEDURE RETURN_RESULT (rc IN OUT SYS_REFCURSOR, to_client IN BOOLEAN DEFAULT TRUE); – PROCEDURE RETURN_RESULT (rc IN OUT INTEGER, to_client IN BOOLEAN DEFAULT TRUE); – TO_CLIENT => true, return to client layer – TO_CLIENT=> false, return to invoker, immediate caller

64 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Implicit Result Sets ops$tkyte%ORA12CR1> declare 2 c sys_refcursor; 3 begin 4 open c for 5 select * 6 from dept; 7 8 dbms_sql.return_result(c); 9 end; 10 / PL/SQL procedure successfully completed. ResultSet #1 DEPTNO DNAME LOC ACCOUNTING NEW YORK 20 RESEARCH DALLAS 30 SALES CHICAGO 40 OPERATIONS BOSTON

65 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Implicit Result Sets  Two new API calls: – PROCEDURE GET_NEXT_RESULT (c IN INTEGER, rc OUT SYS_REFCURSOR); – PROCEDURE GET_NEXT_RESULT (c IN INTEGER, rc OUT INTEGER); – For PL/SQL processing

66 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Implicit Result Sets Connection conn = DriverManager.getConnection(jdbcURL, user, password); try { Statement stmt = conn.createStatement (); stmt.executeQuery ( “begin foo; end;” ); while (stmt.getMoreResults()) { ResultSet rs = stmt.getResultSet(); System.out.println("ResultSet"); while (rs.next()) { /* get results */ }

67 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide #9 Easier Reorgs

68 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Easier Reorgs  Move table tablespaces  Move index tablespaces  Move lob tablespaces  Implement table compression  Implement index key compression  Implement lob compression  Convert to securelfile In a single command you can…

69 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Easier Reorgs ops$tkyte%ORA12CR1> create table t 2 tablespace users 3 as 4 select * 5 from all_objects; Table created. ops$tkyte%ORA12CR1> create index t_idx on t(object_name); Index created. ops$tkyte%ORA12CR1> alter table t add constraint t_pk primary key(object_id); Table altered.

70 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Easier Reorgs ops$tkyte%ORA12CR1> select index_name, status 2 from user_indexes 3 where table_name = 'T'; INDEX_NAME STATUS T_PK VALID T_IDX VALID ops$tkyte%ORA12CR1> exec show_space( 'T' ); … Full Blocks ,373 Total Blocks ,408 Total MBytes …

71 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Easier Reorgs ops$tkyte%ORA12CR1> begin 2 dbms_redefinition.redef_table 3 ( uname => user, 4 tname => 'T', 5 table_compression_type => 'row store compress advanced', 6 table_part_tablespace => 'TEST' ); 7 end; 8 / PL/SQL procedure successfully completed.

72 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Easier Reorgs ops$tkyte%ORA12CR1> select index_name, status 2 from user_indexes 3 where table_name = 'T'; INDEX_NAME STATUS T_PK VALID T_IDX VALID ops$tkyte%ORA12CR1> exec show_space( 'T' ); … Full Blocks Total Blocks Total MBytes …

73 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide #10 Improved Introspection

74 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Improved Introspection  Before 12.1, you used three functions in the DBMS_Utility package Format_Call_Stack() Format_Error_Stack() Format_Error_Backtrace()  New in 12.1 The package UTL_Call_Stack solves the same problem properly

75 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Improved Introspection package body Pkg is procedure p is procedure q is procedure r is procedure p is begin Print_Call_Stack(); end p; begin p(); end r; begin r(); end q; begin q(); end p; end Pkg;

76 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Improved Introspection procedure Print_Call_Stack authid Definer is Depth pls_integer := UTL_Call_Stack.Dynamic_Depth(); begin DBMS_Output.Put_Line(DBMS_Utility.Format_Call_Stack()); end; PL/SQL Call Stack object line object handle number name 0x631f6e88 12 procedure USR.PRINT_CALL_STACK 0x package body USR.PKG 0x package body USR.PKG 0x package body USR.PKG 0x package body USR.PKG 0x69253ca8 1 anonymous block

77 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Improved Introspection procedure Print_Call_Stack authid Definer is Depth pls_integer := UTL_Call_Stack.Dynamic_Depth(); begin for j in reverse 2..Depth loop DBMS_Output.Put_Line( (j - 1)|| To_Char(UTL_Call_Stack.Unit_Line(j), '99')|| UTL_Call_Stack.Concatenate_Subprogram UTL_Call_Stack.Subprogram(j))); end loop; end; 5 1 __anonymous_block 4 16 PKG.P 3 13 PKG.P.Q 2 10 PKG.P.Q.R 1 7 PKG.P.Q.R.P

78 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide #11 SQL made for migration

79 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Expanded Syntax  Cross Apply  Outer Apply  Lateral

80 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Expanded Syntax ops$tkyte%ORA12CR1> select d.deptno, d.dname, e2.ename 2 from dept d cross apply (select ename 3 from emp e 4 where e.deptno = d.deptno) e2 5 where d.deptno in ( 10, 40 ) 6 order by 1, 2 7 / DEPTNO DNAME ENAME ACCOUNTING CLARK 10 ACCOUNTING MILLER 10 ACCOUNTING KING

81 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Expanded Syntax ops$tkyte%ORA12CR1> select d.deptno, d.dname, e2.ename 2 from dept d outer apply (select ename 3 from emp e 4 where e.deptno = d.deptno) e2 5 where d.deptno in ( 10, 40 ) 6 order by 1, 2 7 / DEPTNO DNAME ENAME ACCOUNTING CLARK 10 ACCOUNTING KING 10 ACCOUNTING MILLER 40 OPERATIONS

82 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide Expanded Syntax ops$tkyte%ORA12CR1> select d.deptno, d.dname, e2.ename 2 from dept d, lateral (select ename 3 from emp e 4 where e.deptno = d.deptno) e2 5 where d.deptno in ( 10, 40 ) 6 order by 1, 2 7 / DEPTNO DNAME ENAME ACCOUNTING CLARK 10 ACCOUNTING MILLER 10 ACCOUNTING KING

83 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide #12 SQL ‘Esperanto’

84 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide SQL Translation Framework  Migrations – without changing SQL  Translations for  Sybase  MS SQLServer  Partial DB2  Or, do it yourself

85 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide SQL Translation Framework ops$tkyte%ORA12CR1> begin 2 dbms_sql_translator.create_profile( 'MY_PROFILE' ); 3 dbms_sql_translator.register_sql_translation 4 ( 'MY_PROFILE', 5 'select * from scott.emp', 6 'select * from scott.dept' ); 7 end; 8 / PL/SQL procedure successfully completed.

86 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide SQL Translation Framework ops$tkyte%ORA12CR1> alter session set sql_translation_profile = MY_PROFILE; Session altered. ops$tkyte%ORA12CR1> alter session set events = '10601 trace name context forever, level 32'; Session altered.

87 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide SQL Translation Framework ops$tkyte%ORA12CR1> select * from scott.emp; DEPTNO DNAME LOC ACCOUNTING NEW YORK 20 RESEARCH DALLAS 30 SALES CHICAGO 40 OPERATIONS BOSTON

88 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 12 of the corporate presentation template 88 Graphic Section Divider


Download ppt "Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 1."

Similar presentations


Ads by Google