Re: Any valid security concerns using Data Pump over conventional exp/imp?

From: John Piwowar <jpiwowar_at_gmail.com>
Date: Wed, 1 Sep 2010 12:36:45 -0700
Message-ID: <AANLkTimbATos4nOcK9+YV5XYbYVA4LUMiX4RJJMqyzn__at_mail.gmail.com>



Not to belittle the concerns of your co-workers, but given the degree of control one has over directory objects (where they are, who can access them, etc.), I would be far more worried about the security of the data going over the wire to a client machine in a "classic" export situation than I would be about the security of directory objects. You can control what's happening on the server side far more effectively than you can track the client-side dump files.

You don't mention which database version you're using, but there can be a concern about privileged execution from within 10g directory objects; the addition of the execute privilege in 11g mitigates this concern somewhat. Careful management/documentation of privileges and their justifications is always important, of course. :-)

Regards,

John P.

On Wed, Sep 1, 2010 at 12:03 PM, Bill Myers <bwmyers_at_gmail.com> wrote:

> Hey all,
> Are there any security concerns out there using Data Pump (server side)
> over conventional exp/imp (client side)? I've started a new job and some
> "older" DBAs refuse to allow the use of Data Pump since it allows a
> privileged database user to directly access the O/S through an Oracle
> directory object. Can't these concerns be addressed through the use of ACLs
> and other means to secure the O/S target directory?
>
> Thanks in advance.
> Bill
> 9i OCA/10g OCP DBA

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Sep 01 2010 - 14:36:45 CDT
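
An added example, not part of the original thread: one way to document who can reach directory objects and who can create them, using the standard DBA_DIRECTORIES, DBA_TAB_PRIVS, DBA_SYS_PRIVS and DBA_ROLE_PRIVS dictionary views. It assumes a session with SELECT access to the DBA_* views.

```sql
-- 1. Every directory object, its OS path, and each grant on it.
--    Object privileges on directories are recorded in DBA_TAB_PRIVS,
--    with TABLE_NAME holding the directory name.
SELECT d.directory_name,
       d.directory_path,
       p.grantee,
       p.privilege,      -- READ, WRITE (and EXECUTE from 11g)
       p.grantable,      -- YES = grantee can pass the privilege on
       p.grantor
FROM   dba_directories d
       LEFT JOIN dba_tab_privs p
              ON  p.owner      = d.owner
              AND p.table_name = d.directory_name
              AND p.privilege IN ('READ', 'WRITE', 'EXECUTE')
ORDER  BY d.directory_name, p.grantee, p.privilege;

-- 2. Review items: directory grants made to PUBLIC or made WITH GRANT OPTION.
SELECT p.grantee,
       p.table_name AS directory_name,
       p.privilege,
       p.grantable
FROM   dba_tab_privs p
WHERE  p.privilege IN ('READ', 'WRITE', 'EXECUTE')
AND    (p.grantee = 'PUBLIC' OR p.grantable = 'YES')
AND    EXISTS (SELECT 1
               FROM   dba_directories d
               WHERE  d.owner          = p.owner
               AND    d.directory_name = p.table_name)
ORDER  BY p.table_name, p.grantee;

-- 3. Who can create or drop directory objects, and so point one at a new OS path.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege IN ('CREATE ANY DIRECTORY', 'DROP ANY DIRECTORY')
ORDER  BY grantee, privilege;

-- 4. Who holds the full export/import roles used for full-database Data Pump jobs.
SELECT grantee, granted_role, admin_option
FROM   dba_role_privs
WHERE  granted_role IN ('EXP_FULL_DATABASE', 'IMP_FULL_DATABASE')
ORDER  BY granted_role, grantee;
```

Comparing the DIRECTORY_PATH values from the first query against the OS-level ownership and ACLs of those paths covers the server-side half of the question raised in the thread.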
