Edit report at https://bugs.php.net/bug.php?id=56723&edit=1
ID: 56723 Updated by: [email protected] Reported by: s dot zurnieden at media-control dot com Summary: Privileged connection -Status: Open +Status: Feedback Type: Feature/Change Request -Package: PDO_OCI +Package: *General Issues Operating System: Linux 32 (SuSE) PHP Version: 5.1.1 Block user comment: N Private report: N New Comment: Not enough information was provided for us to be able to handle this bug. Please re-read the instructions at http://bugs.php.net/how-to-report.php If you can provide more information, feel free to add it to this bug and change the status back to "Open". Thank you for your interest in PHP. It looks like there may be a workaround at the server level. Will this work for you? https://forums.oracle.com/thread/1135635 Previous Comments: ------------------------------------------------------------------------ [2007-06-28 16:37:34] christopher dot jones at oracle dot com Adding privileged connections opens a potential security hole. If the webserver runs as an OS user with Oracle dba or oinstall privilges it could be possible a hacker to gain high level access to the database. The oci8 extension added a php.ini parameter to allow privileged connections for users who want to take the risk. PDO_OCI patches for something similar are welcome, as are a list of use cases where you would find the feature beneficial. ------------------------------------------------------------------------ [2007-05-14 12:47:58] ludovico dot caldara at gmail dot com hi, since Zend Framework provides Zend_DB class based on PDO, it would be very cool to have privileged sessions implemented. It should be quite simple adding a new variable to the DSN: struct pdo_data_src_parser vars[] = { { "charset", NULL, 0 }, { "dbname", "", 0 }, { "credentials", "OCI_DEFAULT", 0 } }; and passing the correct parameter to OciSessionBegin() call... kind regards -- Ludovico Caldara ------------------------------------------------------------------------ [2005-12-14 04:43:52] s dot zurnieden at media-control dot com Description: ------------ PDO_OCI 1.0 Oracle 10GR2(x86_64) For the moment it seems that it isn't possible to connect to an oracle database with a priviledged connection (as sysdba). In some cases this could be very useful to connect as sysdba. Maybe this can be done via a connection dsn paramter like session_mode=sysdba or something like that. So a full connection dsn could be: oci:dbname=myoraclesid;session_mode=sysdba Kind regards, Sven Zurnieden Reproduce code: --------------- <?php $connect_dsn = 'oci:dbname=myoraclesid'; $oracle_uname = 'sys'; $oracle_upass = 'syspasswd'; try{ $database = new PDO($connect_dsn, $oracle_uname, $oracle_upass); $database->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $database->setAttribute(PDO::ATTR_CASE, PDO::CASE_LOWER); $database->setAttribute(PDO::ATTR_ORACLE_NULLS, true); $database->setAttribute(PDO::ATTR_PREFETCH, 1000); } catch(PDOException $e){ echo $e->getMessage() . ' in ' . $e->getFile() . ' on line ' . $e->getLine() . "\n"; } ?> Expected result: ---------------- Connection as sysdba to an oracle database. Actual result: -------------- SQLSTATE[HY000]: OCISessionBegin:: ORA-28009: connection as SYS should be as SYSDBA or SYSOPER (/root/install/php/php-5.1.1/ext/pdo_oci/oci_driver.c:514) in /usr/local/httpd/htdocs/ora_mgmt/pdo_connect.php on line 30 ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=56723&edit=1
