Re: Reporting Discussion. . . Permission-problem with UTL_FILE

From: Tad Harrison <harrisod_at_worldnet.att.net>
Date: 1998/12/06
Message-ID: <74ehrm$kfa_at_bgtnsc02.worldnet.att.net>#1/1


Hi,

We went through some debate as to the best way of using UTL_FILE before the DBA would make those critical entries in the init.ora file.

It seems that the main security hole is the fact that the Unix user named "Oracle", the owner of the DB and such, is the creator of all UTL_FILE files.

It appears quite innocuous to give the ability for UTL_FILE to write to a user-accessible directory such as /temp, but it is truly a dangerous situation if users are allowed access to the Unix machine.

A user could do something as innocent as creating a symbolic link in the /tmp directory pointing to some forbidden place (perhaps the init.ora file itself). Since the UTL_FILE processes are owned by Oracle, they will have all of the privileges of Oracle's Unix account when someone uses UTL_FILE to write to the file pointed to by the symbolic link.

To prevent this, in our system we have special directories set up just for UTL_FILE and no one has write access to those directories except for the Oracle user.

Just a thought: Can't you use ODBC to get to your Oracle database? You didn't mention if your SQL*Plus is running on the Unix or on your desktop. See if your DBA can set you up with ODBC connectivity with SQL*Net; you'll then be able to get to the data directly from MS Excel, and this is what you want.

Tad Harrison

Received on Sun Dec 06 1998 - 00:00:00 CET
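The directory setup described in the message above can be checked with a short audit function. This is an added example, not part of the original post; the function name, the directory path and the account name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: audit a directory that UTL_FILE is allowed to write to.
# Usage (path and account name are placeholders):
#   audit_utl_file_dir /path/to/utl_file_dir oracle
# Prints one finding per problem; returns 0 if clean, 1 otherwise.
audit_utl_file_dir() {
    dir=$1
    owner=$2      # user name or numeric uid of the database OS account
    findings=0

    # The directory itself must be a real directory, not a symlink that
    # someone could have pointed elsewhere.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is a symlink or not a directory"
        return 1
    fi

    # Only the database account should own it.
    if [ -z "$(find "$dir" -prune -user "$owner")" ]; then
        echo "FAIL: $dir is not owned by $owner"
        findings=1
    fi

    # Group or world write permission lets other Unix users plant links.
    if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL: $dir is group- or world-writable"
        findings=1
    fi

    # Any symlink already inside the directory would redirect a UTL_FILE
    # write to the link target, with the database account's privileges.
    links=$(find "$dir" -type l)
    if [ -n "$links" ]; then
        echo "FAIL: symbolic links found under $dir:"
        echo "$links"
        findings=1
    fi

    return "$findings"
}
```

The function checks only the directory named; parent directories that other users can write to or rename need the same check.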
