-
Originally posted by marist89
The difference to me is active management vs. passive management. If I must setup utl_file_dir, then I control where files get written should a "secure" user's authentication be compromised.
And I agree with you to a certain point. But - where does this end? Where is the difference between a "secure" databse user's authentication compromised and a "secure" OS user's authentication compromised? If an intruser succeeds to log on to our system by compromising root (or some other "powerfull") user's security, he wouldn't need to perform any utl_file hanky panky, he would simply use "del oracle.exe", wouldn't he? And we generaly don't consider the mere existance of "root" or "administrator" or some other kind of OS superuser to represent a security thread to the system, do we?
Jurij Modic
ASCII a stupid question, get a stupid ANSI
24 hours in a day .... 24 beer in a case .... coincidence?
-
Hi
I am using Oracle 8i... so does it means that the codes wouldn't work?
-
Originally posted by mooks
Hi
I am using Oracle 8i... so does it means that the codes wouldn't work?
no just that in 9i you don't have to specify utl_file_dir and can create a directory with oracle
I'm stmontgo and I approve of this message
-
Originally posted by jmodic
And I agree with you to a certain point. But - where does this end? Where is the difference between a "secure" databse user's authentication compromised and a "secure" OS user's authentication compromised? If an intruser succeeds to log on to our system by compromising root (or some other "powerfull") user's security, he wouldn't need to perform any utl_file hanky panky, he would simply use "del oracle.exe", wouldn't he? And we generaly don't consider the mere existance of "root" or "administrator" or some other kind of OS superuser to represent a security thread to the system, do we?
Of course there's always the possibility of root getting hacked, but just because that risk exists there's no reason to just "drop your pants" on all the other security measures available.
Personally I would restrict everyone's privileges as much as i can, including in the utl_file_dir specification
-
Hi
I am also encountering the following error:
*
ERROR at line 1:
ORA-20000: ERROR: INVALID PATH FOR FILE OR PATH NOT IN INIT.ORA.
ORA-06512: at "TEST_WRITE", line 33
ORA-06512: at line 1
-
Have you actually read the error message txt, and thought about what it means?
-
I have solved the problem already. The file directory has been truncated which has directed it to the wrong path.
If I enclosed the codes in a trigger, will it slow down the processing in server?
-
Hi
I am encountering the INVALID OPERATION error. I have checked that I have closed all the files (utl_file.fclose_all) that I have opened, so what could be the problem?
How do I check if there are any session not being closed?
Last edited by mooks; 11-03-2003 at 07:01 AM.
-
Is there any ways to check that the file are opened and i have not closed them?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|