News, views, tips and tricks on Oracle and other fun stuff

Avoid UTL_FILE_DIR Security Weakness – Use Oracle Directories Instead


The UTL_FILE database package is used to read from and write to operating system directories and files. By default, PUBLIC is granted execute permission on UTL_FILE. Therefore, any database account may read from and write to files in the directories specified in the UTL_FILE_DIR database initialization parameter […] Security considerations with UTL_FILE can be mitigated by removing all directories from UTL_FILE_DIR and using the Directory functionality instead.

Filed in Oracle on 04 Aug 14 | Tags: ,

Comments are closed.