Re: Samba on a database server

  • From: "Niall Litchfield" <niall.litchfield@xxxxxxxxx>
  • To: mcdonald.connor@xxxxxxxxx
  • Date: Tue, 25 Jul 2006 16:42:51 +0100

We have recently implemented this; actually our requirement was to write
*out* a file from the db using UTL_FILE, but my take on it was:

1) you can control who accesses the data at the UNIX level via an ACL on the
share.
2) you can control who has access to the data at the Unix level
3) you can control who has access to the data at the Oracle level.
4) you might well be able to control access to the data at the application
level. (we could)

In other words I wasn't that concerned :). Now this sort of arrangement does
rather require that everyone thinks about the security requirements, that
the Windows and Unix sysadmins trust each other (and the DBAs and developers
as well for that matter). If you'd chosen Application Express, the
application users could probably have loaded the files directly from the
client PCs, by the way.

cheers

Niall


On 7/25/06, Connor McDonald <mcdonald.connor@xxxxxxxxx> wrote:

Our app guys have built a small database app, which, amongst other things, loads image files from a file system into the database - the intention being that these are files that users can drag/drop from their PC into this file system.

They've assumed that the files will be local to the database server,
so I'm considering samba to expose a small f/s on the db server.

Our Unix admin is resisting - quoting Samba is a security risk, and
that it opens our database server up to all sorts of attack.

I don't really care whether we use samba or something else or whatever
- but I've been asked to give an informed opinion, so I figured it
would be to defer to anyone (on the list that is informed ... 'cos I'm
not).

Are the risks legitimate?

Cheers
Connor

--
Connor McDonald
===========================
email: connor_mcdonald@xxxxxxxxx
web:   http://www.oracledba.co.uk

"Semper in excremento, sole profundum qui variat"

--
Niall Litchfield
Oracle DBA
http://www.orawin.info
