Re: UTL_FILE and security

From: rob <rob_at_dsdelft.nl>
Date: Fri, 8 Jun 2001 16:36:59 +0200
Message-ID: <9fqnub$oho$1_at_news.tudelft.nl>

> Hi,
> Are file permissions considered when UTL_FILE is called? For
> example, say a user can't look at files in a directory when logged
> onto the system where the database is runnning. If this directory
> is one of the UTL_FILE directories specified in INIT.ORA, can
> the user call UTL_FILE through SQL*Plus to look at data in the
> directory?
> What if the user doesn't even have an account on the system?
> Thanks,
> Dave Ball

The utl_file operations are executed as user oracle (oracle_owner). So be very carefull about granting access to directories through utl_file. For example utl_file=* enables users to edit init.ora files or even worse corrupt your oracle datafiles.

Rob. Received on Fri Jun 08 2001 - 16:36:59 CEST

This message: [ Message body ]
Next message: Stefan Nilsson: "Running several reports using WEB.SHOW_DOCUMENT."
Previous message: David Ball: "UTL_FILE and security"
In reply to: David Ball: "UTL_FILE and security"
In reply to David Ball: "UTL_FILE and security"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message