ABSTRACT

Top-level functions or procedures without an AUTHID clause default to AUTHID DEFINER.

EXPLANATION

PL/SQL functions and procedures can be either AUTHID DEFINER or AUTHID CURRENT_USER. Functions and procedures with definer's rights execute under the privileges of the user that defines the code. This can allow updates and access to specific pieces of data without granting access to entire tables or schemas. With invoker's rights, or AUTHID CURRENT_USER, functions and procedures execute under the privileges of the user who invokes them. This does not allow a user to gain access to data it didn't already have access to. If no AUTHID clause is provided, the function or procedure defaults to definer's rights.

Functions and procedures are usually defined by SYS or another highly privileged user, so a flaw in code that runs with definer's rights is potentially more dangerous: it executes with that user's privileges.
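The difference between the default and an explicit AUTHID clause, shown as an added example that is not part of the original page. The schema `app_owner`, the table `salaries` and the procedure names are hypothetical; `ALL_PROCEDURES` and its `AUTHID` column are the standard Oracle data dictionary view.

```sql
-- Constructed example objects: app_owner.salaries and both procedures are
-- hypothetical names used only for illustration.

-- No AUTHID clause: the procedure is compiled as AUTHID DEFINER. Any user
-- granted EXECUTE runs the UPDATE with app_owner's privileges, even without
-- any privilege of their own on app_owner.salaries.
CREATE OR REPLACE PROCEDURE app_owner.raise_salary_default (
  p_emp_id IN NUMBER,
  p_amount IN NUMBER
) IS
BEGIN
  UPDATE app_owner.salaries
     SET amount = amount + p_amount
   WHERE emp_id = p_emp_id;
END raise_salary_default;
/

-- Explicit invoker's rights: the same UPDATE is checked against the
-- privileges of the calling user, so a caller without UPDATE on
-- app_owner.salaries gets an error instead of a changed row.
CREATE OR REPLACE PROCEDURE app_owner.raise_salary_invoker (
  p_emp_id IN NUMBER,
  p_amount IN NUMBER
) AUTHID CURRENT_USER IS
BEGIN
  UPDATE app_owner.salaries
     SET amount = amount + p_amount
   WHERE emp_id = p_emp_id;
END raise_salary_invoker;
/

-- Review query: list the rights model of every top-level unit in the schema.
-- Rows with PROCEDURE_NAME IS NULL describe the unit itself (standalone
-- procedure, function or package) rather than a packaged subprogram.
-- The dictionary stores DEFINER both for an omitted clause and for an
-- explicit AUTHID DEFINER, so each DEFINER row still needs a source review
-- to confirm that definer's rights were a deliberate choice.
SELECT object_name, object_type, authid
  FROM all_procedures
 WHERE owner = 'APP_OWNER'
   AND procedure_name IS NULL
 ORDER BY authid, object_name;
```

Where definer's rights are intended, writing `AUTHID DEFINER` explicitly records that decision in the source and keeps the unit from being flagged as an unreviewed default.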

REFERENCES

[1] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 265

[2] Steven Feuerstein, Oracle PL/SQL Best Practices, O'Reilly

[3] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 - (PCI 1.2) Requirement 6.5.7, Requirement 7.2

[4] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 - (PCI 2.0) Requirement 6.5.8