Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Mailing Lists -> Oracle-L -> RE: DBMS_JAVA.GRANT_PERMISSION
I have not used;
=20
dbms_java.grant_permission('SYS','java.lang.RuntimePermission','loadLibr
ary....
but have used;
dbms_java.grant_permission( 'MARQUEZ',
'SYS:java.lang.RuntimePermission', 'write/readFileDescriptor'
I did this to enable me to use and run JAVA *in* the database;
CREATE OR REPLACE AND COMPILE JAVA SOURCE NAMED ...the JAVA program does OS commands.
My *guess* is that you developer has JAVA code "outside"? the database that he want to call from "inside" the database?
I question how one could "deviate" from any of this...meaning that one must have the correct set of ROLES, GRANTS, PRIVS to completed any task in the database...JAVA not excluded. Again, my experience was that until I got the right mix privs and java code I wasn't able to have any java fun.
PS I think just saying the words Oracle & JAVA is a security breach at
some level....
PPS Is he using Library "oraawt" specifically...what does it do?
Hth,
Chris Marquez
Oracle DBA
HEYMONitor(tm) - heymonitor.com
"Oracle Monitoring & Alerting Solution"
SQL> execute dbms_java.grant_permission( 'MARQUEZ',
'SYS:java.lang.RuntimePermission', 'writeFileDescriptor', '*' );
PL/SQL procedure successfully completed.
SQL> execute dbms_java.grant_permission( 'MARQUEZ',
'SYS:java.lang.RuntimePermission', 'readFileDescriptor', '*' );
PL/SQL procedure successfully completed.
-----Original Message-----
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Goulet, Dick
Sent: Tuesday, April 19, 2005 10:40 AM
To: oracle-l_at_freelists.org
Subject: RE: DBMS_JAVA.GRANT_PERMISSION
Ron,
=3D09
I did not say the "correct approach", but that there must be "good
reason" for it. I've an application developer who wants to deviate
from the default & am looking for any experience/good reasons that says
we should not.
-----Original Message-----
From: Reidy, Ron [mailto:Ron.Reidy_at_arraybiopharma.com]=3D20
Sent: Tuesday, April 19, 2005 10:33 AM
To: Goulet, Dick; oracle-l_at_freelists.org
Subject: RE: DBMS_JAVA.GRANT_PERMISSION
Hmmm, I would never assume the default set up/behavior from any software vendor is the correct approach, but that is just me :)
-----Original Message-----
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org]On Behalf Of Goulet, Dick
Sent: Tuesday, April 19, 2005 7:51 AM
To: oracle-l_at_freelists.org
Subject: DBMS_JAVA.GRANT_PERMISSION
Has anyone out there ever had to grant permission for LoadLibrary? There's a Metalink document, Note:259471.1, on how to do it, but are there any downsides? I take the approach that if Oracle set this up as default behavior there is good reason for it. Dick Goulet Senior Oracle DBA Oracle Certified 8i DBA
-- http://www.freelists.org/webpage/oracle-l This electronic message transmission is a PRIVATE communication which contains information which may be confidential or privileged. The information is intended=3D20 to be for the use of the individual or = entity named above. If you are not the=3D20 intended recipient, please be aware that any disclosure, copying, distribution=3D20 or use of the contents = of this information is prohibited. Please notify the sender of the delivery error by replying to this message, or notify us by telephone (877-633-2436, ext. 0), and then delete it from your system. -- http://www.freelists.org/webpage/oracle-l -- http://www.freelists.org/webpage/oracle-lReceived on Wed Apr 20 2005 - 10:10:48 CDT