URL_DATASTORE, FILE_ACCESS_ROLE and security or the lack thereof

1053685
1053685 Member Posts: 19
edited Feb 8, 2018 7:34AM in Text

I'd like to talk a bit about the security model behind the FILE_DATASTORE/URL_DATASTORE and the FILE_ACCESS_ROLE. I'm trying to accomplish a very simple thing: use the URL_DATASTORE to index PDF documents stored on another server accessible via HTTP. In order to do that, I have to grant the index owner the FILE_ACCESS_ROLE. However, the documentation states:

This may be undesirable when security is an issue since any user can browse the file system that is accessible to the Oracle user.

I even tested this and tried to index the Oracle user's ".bash_history" file. Guess what: it works.

I'm really confused now. What kind of a security model is this? I can choose between not using this feature at all or using it and thereby allowing access to the contents of all kinds of sensitive files. But I only want to index files via HTTP!! Are there any other options? Why can't you restrict the URL_DATASTORE to HTTP(S) URLs only? Or at least restrict the local file system paths to whitelisted directories. Or something! Is there any remedy?

Best Answer

  • Roger Ford-Oracle
    Roger Ford-Oracle Member Posts: 1,132 Employee
    edited Jan 3, 2018 11:53AM Answer ✓

    If you want to provide this facility to a non-DBA user, your best bet is not to use the URL_DATASTORE at all, but to write a USER_DATASTORE procedure which uses the UTL_HTTP package to fetch the URLs for indexing.

    You can then use the security model of UTL_HTTP, which is far more comprehensive and flexible than that used by FILE and URL datastores. If necessary, you can use a definer's rights procedure to actually call the UTL_HTTP functions, enabling you to have a specially-privileged user for this purpose only.

    - Roger
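
The approach described in the answer above, as an added example that is not part of the original thread and not Oracle's own code: a definer's rights USER_DATASTORE procedure fetches each URL with UTL_HTTP, and a network ACL limits which host it may reach, so the index owner never needs FILE_ACCESS_ROLE. The schemas DOC_FETCHER and APP_OWNER, the table docs(url), the host docs.example.com and the preference name http_ds are assumptions, and APPEND_HOST_ACE assumes Oracle Database 12c or later.

```sql
-- All schema, table, host and preference names are hypothetical.
-- 1. As a DBA: only DOC_FETCHER may make HTTP calls, and only to one host and port.
BEGIN
  DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
    host       => 'docs.example.com',
    lower_port => 80,
    upper_port => 80,
    ace        => xs$ace_type(privilege_list => xs$name_list('http'),
                              principal_name => 'DOC_FETCHER',
                              principal_type => xs_acl.ptype_db));
END;
/
-- DOC_FETCHER must read the URL column; grant it directly, not through a role.
GRANT SELECT ON app_owner.docs TO doc_fetcher;

-- 2. As DOC_FETCHER: runs with the owner's privileges (definer's rights).
CREATE OR REPLACE PROCEDURE doc_fetcher.fetch_doc (
  rid  IN            ROWID,
  tlob IN OUT NOCOPY BLOB      -- temporary LOB supplied by Oracle Text
) AUTHID DEFINER
IS
  l_url  VARCHAR2(4000);
  l_req  UTL_HTTP.req;
  l_resp UTL_HTTP.resp;
  l_buf  RAW(32767);
BEGIN
  SELECT url INTO l_url FROM app_owner.docs WHERE ROWID = rid;
  -- UTL_HTTP speaks only HTTP(S); hosts outside the ACL raise ORA-24247.
  l_req  := UTL_HTTP.begin_request(l_url);
  l_resp := UTL_HTTP.get_response(l_req);
  LOOP
    UTL_HTTP.read_raw(l_resp, l_buf, 32767);
    DBMS_LOB.writeappend(tlob, UTL_RAW.length(l_buf), l_buf);
  END LOOP;
EXCEPTION
  WHEN UTL_HTTP.end_of_body THEN
    UTL_HTTP.end_response(l_resp);   -- normal end of document
END;
/
GRANT EXECUTE ON doc_fetcher.fetch_doc TO app_owner;

-- 3. As APP_OWNER (no FILE_ACCESS_ROLE, no network ACL entry of its own).
BEGIN
  CTX_DDL.create_preference('http_ds', 'USER_DATASTORE');
  CTX_DDL.set_attribute('http_ds', 'PROCEDURE', 'doc_fetcher.fetch_doc');
  CTX_DDL.set_attribute('http_ds', 'OUTPUT_TYPE', 'BLOB');
END;
/
CREATE INDEX docs_ctx ON docs(url) INDEXTYPE IS CTXSYS.CONTEXT
  PARAMETERS ('DATASTORE http_ds FILTER CTXSYS.AUTO_FILTER');
```

Because the ACL entry names only DOC_FETCHER, a URL pointing at any other host fails inside the procedure, and a file path is not a valid UTL_HTTP target at all.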

Answers

  • 1053685
    1053685 Member Posts: 19
    edited Feb 8, 2018 7:34AM

    Thank you! This is exactly what I was looking for. Works like a charm.

This discussion has been closed.