| Oracle DIRECTORY object [message #334153] |
Tue, 15 July 2008 09:51  |
gkrishn
Messages: 506
Registered: December 2005
Location: Putty a dark screen
|
Senior Member |
|
|
Is it a security threat to grant CREATE ANY DIRECTORY privilege to a user ?
I have only two options in front of me to create a directory.
1)create in SYS schema , and grant READ/WRITE to a application user.
2)grant CREATE ANY DIRECTORY to application user and create directories connecting as application user .
Finaly, i have to zero in to second option as creating a user object in SYS schema is not a recommended method ... any idea if that is a security threat going for second option ..
Any experience ??
|
|
|
|
| Re: Oracle DIRECTORY object [message #334155 is a reply to message #334153] |
Tue, 15 July 2008 09:55  |
 |
Mahesh Rajendran
Messages: 10707
Registered: March 2002
Location: oracleDocoVille
|
Senior Member
Account Moderator |
|
|
Well,
you are giving access to any directory (ie, any underlying filesystem accessible)in server.
The "application user" must have knowledge on available directories, else the files would end up anywhere ( / or /tmp).
And anyone can go crazy anytime 
[Updated on: Tue, 15 July 2008 09:59] Report message to a moderator |
|
|
|
|
|
| Re: Oracle DIRECTORY object [message #334158 is a reply to message #334153] |
Tue, 15 July 2008 10:04 |
gkrishn
Messages: 506
Registered: December 2005
Location: Putty a dark screen
|
Senior Member |
|
|
Its a DEV database.
Thanks Mike,Mahesh .
That being a threat , i have decided to create in SYS itself  only thing is i need to give a strong hint to app team that, this should be carried to production as well during the migration.
|
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
