Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: Use of host command from scripted SQL)++

From: Phil Singer <psinger1_at_chartermi.net>
Date: Mon, 18 Dec 2006 22:54:03 -0500
Message-ID: <4588B37A.3060702@chartermi.net>


Jared Still wrote:
> On 12/18/06, *Phil Singer* <psinger1_at_chartermi.net
> <mailto:psinger1_at_chartermi.net>> wrote:
>
> David Moss wrote:
>
> For example, where I
> work, the Powers That Be have decreed that DBI cannot be used. Cannot
> be installed anywhere. Too big a security risk.
>
>
>
> Can you elaborate on how it was determined that DBI is a security risk?
>
>

Your question presumes that there is a sane answer to it. Since I do not think that there is, I must make do with some background and speculation.

Background: A few years ago, these same Powers were very upset to learn that a Unix user named 'root' could access any file on the system.

Speculation: 1) Perl/DBI are Open Source. If a bug in either of them results in damage to the company, there is no one to sue. This is a big risk.

2) Early versions (7 - 9 years ago) tended to have holes and hang servers, and it got a bad reputation.

3) Old Batch Perl scripts tend to have passwords coded in-line.

I gave up fighting this long ago.

--
http://www.freelists.org/webpage/oracle-l
Received on Mon Dec 18 2006 - 21:54:03 CST
