Re: Use of host command from scripted SQL)++

  • From: Phil Singer <psinger1@xxxxxxxxxxxxx>
  • To: oracle-l@xxxxxxxxxxxxx
  • Date: Tue, 19 Dec 2006 22:52:26 -0500

Jared Still wrote:
On 12/18/06, *Phil Singer* <psinger1@xxxxxxxxxxxxx> wrote:

    David Moss wrote:

    For example, where I
    work, the Powers That Be have decreed that DBI cannot be used.  Cannot
    be installed anywhere. Too big a security risk.


Can you elaborate on how it was determined that DBI is a security risk?



Your question presumes that there is a sane answer to it. Since I do not think that there is, I must make do with some background and speculation.

Background: A few years ago, these same Powers were very upset to learn that a Unix user named 'root' could access any file on the system.

Speculation: 1) Perl/DBI are Open Source. If a bug in either of them results in damage to the company, there is no one to sue. This is a big risk.

2) Early versions (7 - 9 years ago) tended to have holes and hang servers, and it got a bad reputation.

3) Old Batch Perl scripts tend to have passwords coded in-line.

I gave up fighting this long ago.
--
//www.freelists.org/webpage/oracle-l

