Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: javasyspriv - a security vulnerability?
In article <FA6dnX2lyf0AIyygXTWcqw_at_comcast.com>, "SA" says...
>
>I have a java stored proc created in a schema to execute OS commands on UNIX
>(Database version 9.2). This schema has been granted JAVASYSPRIV.
>
>If I create a file using this stored proc, the file gets ownership of unix
>id oracle. How can I prevent this to happen? Can I control my environment in
>such a way that this java stored proc creates file with a specified unix id
>and not oracle id?
>
>On a side note, is this behavior not a security vulnerability?
>
>thanks
>
>
>
>
see
http://asktom.oracle.com/pls/ask/f?p=4950:8:::::F4950_P8_DISPLAYID:6030704392784
for a discussion of this.
-- Thomas Kyte (tkyte@oracle.com) http://asktom.oracle.com/ Expert one on one Oracle, programming techniques and solutions for Oracle. http://www.amazon.com/exec/obidos/ASIN/1861004826/ Opinions are mine and do not necessarily reflect those of Oracle CorpReceived on Sun Oct 20 2002 - 10:52:49 CDT