Re: UTL_FILE permission

"Nisar Tareen" <ntareen_at_yahoo.com> wrote in message news:6134f1ca.0411040617.3f144eac_at_posting.google.com...
> Frank,
>
> Yes * will be a lose security, But do any one goes to Production in
> your environemnt and write what ever they wish. Application code is
> audited before
> being put in Produciton in my envirnonment and If you break it you pay
> for it.
>
> Secondly, in the same email I had given the option for creating a
> directory, Make that directory available to a group so it is saved or
> public depends on the need and the fellow rased the problem did not
> mention or request it, Remember the rule, NEVER ASSUME. I remember
> and follow it every day.
>
> Third put the output it in a secure diretory and with an script runing
> timely copy in to the users directory, Make the file naming convention
> such that you can identifiy files created by a users.
>
> Frank, When people ask for solution give the solution that they can
> work with, Yes, not bad to give the warning or security, that's why
> people look for strong DBA i.e. they have solutions and security in
> control.
>
> On my site never a system files are blown up, DBA who get scare do not
> have solution they are fear monster on the site/s. In my environment
> security is concern and taken care of but do not stop developers to
> stop developing and have 500 miles loop for solution.
>
> Good Luck.
>
> Nisar tareen
> "Dave" <x_at_x.com> wrote in message
> news:<66did.24950$Bk6.7622_at_fe2.news.blueyonder.co.uk>...
>> "Nisar Tareen" <ntareen_at_yahoo.com> wrote in message
>> news:6134f1ca.0411031225.73f68e2_at_posting.google.com...
>> > Frank,
>> >
>> > On the Oracle Parameter UTL_FILE give * as parameter.
>> >
>> > Then Ask your administrator to create a public libary where every one
>> > else could create the files or access from this directory chmod 777
>> > Oracle_temp. Let it be out side the Oracle example /Oralce_temp
>> >
>> > Then in update utl_file = /Oracle_temp it you are the only creater
>> > of these output from oracle else leave this parameter as * and give
>> > the path in before your output file and your user will be able to use
>> > the file.
>> >
>> > Good Luck.
>> >
>> > Nisar Tareen
>> >
>> >

firstly my name is dave.

Secindly you never mentioned directories as in the oracle directory feature.

Thirdly, if you put *, i dont care what application code you have, i will go into sql*plus with only create session and go an delete the system datafile

fourthly, putting a script to copy into home directories - so you open up users home diretories to others? very secure.

The only answer tro the original question is umask. utl_fle_dir is a deprecated feature nowadays - use directories, a directory for each developer would be lovely and give read access to the developers in there Received on Thu Nov 04 2004 - 13:19:39 CST