Stored program units and SQL methods execute with a set of privileges. By default, the privileges are those of the schema owner, also known as the definer. The definer's rights not only dictate the privileges, they are also used to resolve object references.
If a program unit does not need to be executed with the escalated privileges of the definer, you should specify that the program unit executes with the privileges of the caller, also known as the invoker. Invoker's rights can mitigate the risk of SQL injection. However, using invoker's rights does not guarantee complete elimination of SQL injection risk.
Stored program units to be executed with invoker's rights must include the AUTHID CURRENT_USER clause.
Choosing Between AUTHID CURRENT_USER and AUTHID DEFINER
Use Definer's Right:
When you want to provide users unrestricted access to a table or tables via a subprogram, create the subprogram with definer's right.
Use Invoker's Right:
When the purpose of the subprogram is to perform a parameterized, but powerful, operation by using the privileges of the user that invokes it, create the subprogram with invoker's right. Using invoker's rights helps to limit the privileges, and thereby, minimize the security exposure. However, it is not sufficient as the sole measure for eliminating SQL injection vulnerabilities.
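The two choices above side by side, as an added example that is not part of the original page: a definer's rights function that exposes one table through static SQL, and an invoker's rights utility that also validates its input because AUTHID CURRENT_USER alone is not enough. The schema APP_OWNER, the table EMPLOYEES, and the functions GET_SALARY and ROW_COUNT are hypothetical names.

```sql
-- Added example (constructed): APP_OWNER, EMPLOYEES, GET_SALARY and ROW_COUNT
-- are hypothetical names.

-- Definer's rights: callers need only EXECUTE on the function, not SELECT on
-- the table. The statement is static and p_emp_id is used as a bind value.
CREATE OR REPLACE FUNCTION app_owner.get_salary (p_emp_id IN NUMBER)
  RETURN NUMBER
  AUTHID DEFINER
AS
  v_salary NUMBER;
BEGIN
  SELECT salary INTO v_salary
    FROM app_owner.employees
   WHERE employee_id = p_emp_id;
  RETURN v_salary;
END get_salary;
/

-- Invoker's rights: a generic utility that takes an object name. It runs with
-- the caller's privileges and resolves unqualified names as the caller would.
CREATE OR REPLACE FUNCTION app_owner.row_count (p_table IN VARCHAR2)
  RETURN NUMBER
  AUTHID CURRENT_USER
AS
  v_table VARCHAR2(400);
  v_count NUMBER;
BEGIN
  -- Invoker's rights alone do not stop injection: check that the input is the
  -- name of an existing SQL object before concatenating it into the statement.
  v_table := DBMS_ASSERT.SQL_OBJECT_NAME(p_table);
  EXECUTE IMMEDIATE 'SELECT COUNT(*) FROM ' || v_table INTO v_count;
  RETURN v_count;
END row_count;
/

-- Review which rights model each top-level unit in the schema uses.
SELECT object_name, object_type, authid
  FROM all_procedures
 WHERE owner = 'APP_OWNER'
   AND procedure_name IS NULL
 ORDER BY object_name;
```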