*"You have to grant access to the specific procedures that access the network in any case (eg, utl_mail), so adding the additional level of required privilege is simply annoying."* Not according to the documentation. *"This feature enhances security for network connections because it restricts the external network hosts that a database user can connect to using the PL/SQL network utility packages UTL_TCP, UTL_SMTP, UTL_MAIL, UTL_HTTP, and UTL_INADDR, the DBMS_LDAP PL/SQL package, and the HttpUriType type. Otherwise, an intruder who gained access to the database could maliciously attack the network, because, by default, the PL/SQL utility packages are created with the EXECUTE privilege granted to PUBLIC users."* Seth On Wed, Jul 9, 2014 at 8:45 AM, Andrew Kerber <andrew.kerber@xxxxxxxxx> wrote: > Shameless plug, some time ago I wrote a trigger to add users to the > network acl when they were granted execute to utl_mail. Link below, some > may find it useful: > > http://dbakerber.wordpress.com/2013/06/28/update-to-utl_mail-trigger/ > > > On Wed, Jul 9, 2014 at 2:20 AM, Tim Hall <tim@xxxxxxxxxxxxxxx> wrote: > >> I think it's actually a neat feature. >> >> - As Don Seiler says, it gives you an element of control over what the >> database is connecting to. It is good to know and understand the interfaces >> that are being used. >> >> - When the developers ask for something to be opened, it gives you the >> opportunity to discuss their approach to make sure it makes sense. On >> numerous occasions, once I probed a little, I've found they are using a >> totally inappropriate solution. If they had not had to initiate the >> contact, we would have implemented sh*t. :) >> >> I never do a blanket open all ACL (exception on my play VMs). >> >> Cheers >> >> Tim... >> > > > > -- > Andrew W. Kerber > > 'If at first you dont succeed, dont take up skydiving.' >