I have already tried and tested using UTL_HTTP package to request http using oracle pl/sql but due to some requirement issues I am not allowed to use this package in my work, so I am looking for an alternative of this package in oracle pl/sql to request http.
1 Answer
There is no need for an alternate to UTL_HTTP, that package is only unavailable because of a misunderstanding of the security rules. Ask your DBA to grant execute on UTL_HTTP to public, a role, or your account.
It's important to know where the security rules came from, to know when they no longer apply. Most DBAs have no idea where their security policies originate from. Most of them simply get the scripts or policies from a coworker and don't question it. If you were to trace it back, it's likely that someone at your organization received a script from a security auditor. The security auditors almost always copy their script verbatim from the Security Technical Implementation Guide (STIG), produced by the Department of Defense.
Which means the real security policies can be found in either the 11g Oracle STIG or the 12c Oracle STIG.
The XML file for the 11g guide contains this rule: SV-68213r1_rule, "Execute permission must be revoked from PUBLIC for restricted Oracle packages." That rule recommends executing this command:
revoke execute on UTL_HTTP from PUBLIC;
But the guide clearly says that it is OK to grant execute privileges to specific users. The rule is only to revoke the grant from PUBLIC, not to prevent everyone from using the package. And that rule does not even exist in 12c.
UTL_TCP, but if your DBAs have an irrational fear ofUTL_HTTPthey should be even more scared ofUTL_TCP...