Plsqlexclusionlist – Oracle B12255-01 User Manual

mod_plsql

Oracle HTTP Server Modules

7-41

■

DebugStyle

: This mode provides more details than ModplsqlStyle. mod_

plsql

provides more details about the URL, parameters and also produces

server configuration information. This mode is for debugging purposes only.
Do not use this in a production system, since displaying internal server
variables could be a security risk.

In older versions of the product, this parameter was called error_style.

PlsqlExclusionList

Specifies a pattern for excluding certain procedures, packages,

or schema names from being directly executed from a browser. This is a multi-line
directive in which each pattern occupies one line. The pattern is case-insensitive
and can accept simple wildcards such as *, ? and [a-z]. The default patterns
excluded from direct URL access are: sys.*, dbms_*, utl_*, owa_*, owa.*,
htp.*

, htf.*.

Setting this directive to “#NONE#” will disable all protection. This is not
recommended for a live site, however, it is sometimes used for debugging purposes.

If this parameter is overridden, the defaults are no longer in effect. In that case, you
must explicitly add the default list to the list of excluded patterns.

Category

Value

Syntax

PlsqlErrorStyle
ApacheStyle/ModplsqlStyle/DebugStyle

Default

ApacheStyle

Example

PlsqlErrorStyle ModplsqlStyle

Category

Value

Syntax

PlsqlExclusionList string multiline/#NONE#

Default

dbms_*

utl_*

owa_*

owa.*

htp.*

htf.*