Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Usenet -> c.d.o.misc -> Re: UTL_FILE permission

Re: UTL_FILE permission

From: Dave <>
Date: Thu, 04 Nov 2004 19:19:39 GMT
Message-ID: <fhvid.29057$>

"Nisar Tareen" <> wrote in message
> Frank,
> Yes * will be a lose security, But do any one goes to Production in
> your environemnt and write what ever they wish. Application code is
> audited before
> being put in Produciton in my envirnonment and If you break it you pay
> for it.
> Secondly, in the same email I had given the option for creating a
> directory, Make that directory available to a group so it is saved or
> public depends on the need and the fellow rased the problem did not
> mention or request it, Remember the rule, NEVER ASSUME. I remember
> and follow it every day.
> Third put the output it in a secure diretory and with an script runing
> timely copy in to the users directory, Make the file naming convention
> such that you can identifiy files created by a users.
> Frank, When people ask for solution give the solution that they can
> work with, Yes, not bad to give the warning or security, that's why
> people look for strong DBA i.e. they have solutions and security in
> control.
> On my site never a system files are blown up, DBA who get scare do not
> have solution they are fear monster on the site/s. In my environment
> security is concern and taken care of but do not stop developers to
> stop developing and have 500 miles loop for solution.
> Good Luck.
> Nisar tareen
> "Dave" <> wrote in message
> news:<66did.24950$>...
>> "Nisar Tareen" <> wrote in message
>> > Frank,
>> >
>> > On the Oracle Parameter UTL_FILE give * as parameter.
>> >
>> > Then Ask your administrator to create a public libary where every one
>> > else could create the files or access from this directory chmod 777
>> > Oracle_temp. Let it be out side the Oracle example /Oralce_temp
>> >
>> > Then in update utl_file = /Oracle_temp it you are the only creater
>> > of these output from oracle else leave this parameter as * and give
>> > the path in before your output file and your user will be able to use
>> > the file.
>> >
>> > Good Luck.
>> >
>> > Nisar Tareen
>> >
>> >

firstly my name is dave.

Secindly you never mentioned directories as in the oracle directory feature.

Thirdly, if you put *, i dont care what application code you have, i will go into sql*plus with only create session and go an delete the system datafile

fourthly, putting a script to copy into home directories - so you open up users home diretories to others? very secure.

The only answer tro the original question is umask. utl_fle_dir is a deprecated feature nowadays - use directories, a directory for each developer would be lovely and give read access to the developers in there Received on Thu Nov 04 2004 - 13:19:39 CST

Original text of this message