Re: Aurora JVM (Oracle 8i) Security problem

In article <7fllcq$m0t$1_at_hirame.wwa.com>, datec_at_wwa.com says...
>
>I was going through the example in the Java Stored Procedures manual and
>everything was going fairly smoothly using SQL+PLUS as my interface to the
>Database (all on one machine). I noticed that SQLException errors were just
>being lost and I modified the example to write the errors out to a log file.
>
>I then discovered that the JVM throws a Security Violation / Exception when
>I tried to create the log file. A little more investigation showed that I
>could not EXEC programs or do any of the other "untrusted" things. It looks
>like my Java code was being treated as if it was an untrusted applet.
>
>Is this a misunderstanding on my part or a bug / bad feature?
>
>I can modify the database so that part of the system "trusts" me --- why not
>the JVM.

You can.

From the 8i Java Developer's Guide:

I/O Operations
The policy for checking I/O operations has two parts:

If the dynamic id has JAVASYSPRIV, then the SecurityManager will allow the operation to proceed.

If the dynamic id has JAVAUSERPRIV, then the SecurityManager allows it, subject to the same rules that apply to the PL/SQL FILE_IO package. Specifically, the file must be in a directory (or subdirectory) the utl_file_dir parameter specifies.

Hope that helps.

-Scott Received on Wed Apr 21 1999 - 19:25:12 CDT