Monday, July 30, 2007

Enhancing your portal with (PL)SQL-Injection

Today I wanted to install a new, self-written portlet on Oracle Portal.
Since I have no access to the infrastructure and midtier databases, I had to install everything through the web interface.

BTW: Oracle - your textareas are way too small to use them for anything more than:

begin
null;
end;


In the middle of the installation I noticed that I could not install all parts of my portlet (tables, views, packages and triggers spread over several schemas).

After some research I found a very interesting link under Navigator - Database Objects - Create New...: "Script".
It displays a tiny textarea with the headline: "Enter a DML statement or PL/SQL Block".

Nice, I thought - so let's clear the log table with it:

truncate table log_entries;


But guess what it answered:
This statement is not supported.

Hm, but wait, it allows us to write PL/SQL - so let's try this again:

begin
execute immediate 'truncate table log_entries';
end;


Now the answer was:
PL/SQL Procedure successful.


Thank you, Oracle, for building such great PL/SQL- and SQL-injection-enabled admin interfaces :)

BTW:
If you want to create a package or trigger, you have to watch out for 3 things:
1) strip out all comments (needed for the next step)
2) make it a one-liner
3) replace all ' with ''' (3 times) - since you will put your code into another PL/SQL code.

Then just do:

begin
execute immediate ' < your_code_here > ';
end;


And you're done.

Notice: This doesn't circumvent security in any sense - you still need your rights inside the database (create table, package, trigger, ...). But since you can run this with the privileges of the Oracle Portal user (by default: portal), you can in fact "enhance" about anything in the Oracle Portal you need to :)
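
The behaviour described above, seen from the reviewing side, as an added example (not from the original post and not Oracle's code): a Python sketch that models the form's check as a leading-keyword filter, which is an assumption, and contrasts it with a review function that flags dynamic SQL in submitted scripts. The keyword lists and the sample scripts are constructed for illustration.

```python
import re

# Keyword lists are assumptions for this sketch, not Oracle Portal's own rules.
DDL = ("CREATE", "ALTER", "DROP", "TRUNCATE", "GRANT", "REVOKE")
ALLOWED = ("SELECT", "INSERT", "UPDATE", "DELETE", "MERGE", "BEGIN", "DECLARE")
DYNAMIC = re.compile(r"\bEXECUTE\s+IMMEDIATE\b|\bDBMS_SQL\s*\.", re.I)
LITERAL = re.compile(r"'((?:[^']|'')*)'")  # PL/SQL string literal, '' = escaped quote


def first_keyword(text):
    m = re.match(r"\s*(\w+)", text)
    return m.group(1).upper() if m else ""


def naive_filter(script):
    """Assumed model of the form's check: accept by leading keyword only."""
    return first_keyword(script) in ALLOWED


def review(script):
    """Classify a submitted script for audit review; returns (verdict, detail).

    Any dynamic SQL is flagged: a statement held in a variable or assembled
    at run time cannot be resolved by static inspection, so the real control
    remains the privileges of the account that executes the block.
    """
    kw = first_keyword(script)
    if kw in DDL:
        return ("ddl", kw)
    if not DYNAMIC.search(script):
        return ("ok", "")
    for lit in LITERAL.findall(script):
        inner = first_keyword(lit.replace("''", "'"))
        if inner in DDL:
            return ("dynamic-ddl", inner)
    return ("dynamic-unresolved", "")


# Constructed sample submissions (not captured from a real system).
SAMPLES = [
    "truncate table log_entries;",
    "begin\n  execute immediate 'truncate table log_entries';\nend;",
    "begin\n  null;\nend;",
    "begin\n  execute immediate l_stmt;\nend;",  # l_stmt: hypothetical variable
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(naive_filter(s), review(s), repr(s[:40]))
```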
