Re: grant create any directory to schema

From: MJ Mody <emjay.mody_at_gmail.com>
Date: Mon, 21 Dec 2015 19:37:22 -0600
Message-Id: <4CA37BD1-09BD-4DF7-9B98-CA5DD5530D86_at_gmail.com>

For more info on database hardening, feel free to visit http://benchmarks.cisecurity.org

Cheers

> On Dec 21, 2015, at 6:20 PM, Jeff Chirco <backseatdba_at_gmail.com> wrote:
>
> I have some developers that want to give the CREATE ANY DIRECTORY privilege to a schema (a locked schema in production). They reason is because they would like to use the same directory name but change its location based on the Bing OS user that is logged in. So a file will get read or created in that users home directory.
> To me this seems like a security issue because then in Test/Dev a programmer could change the code to point at any directory they wanted to read potential sensitive data.
> Has anybody dealt with something like this? Is there a way to restrict them (by user) to only creating a directory within a certain folder structure?
>
> Jeff

--
http://www.freelists.org/webpage/oracle-l

Received on Tue Dec 22 2015 - 02:37:22 CET

This message: [ Message body ]
Next message: Andrew Kerber: "Re: grant create any directory to schema"
Previous message: rob: "Re: grant create any directory to schema"
Maybe in reply to: MJ Mody: "Re: grant create any directory to schema"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message