- 17.9K All Categories
- 3.4K Industry Applications
- 3.3K Intelligent Advisor
- 62 Insurance
- 536K On-Premises Infrastructure
- 138.2K Analytics Software
- 38.6K Application Development Software
- 5.7K Cloud Platform
- 109.4K Database Software
- 17.5K Enterprise Manager
- 8.8K Hardware
- 71.1K Infrastructure Software
- 105.2K Integration
- 41.5K Security Software
URL_DATASTORE, FILE_ACCESS_ROLE and security or the lack thereof
I'd like to talk a bit about the security model behind the FILE_DATESTORE/URL_DATASTORE and the FILE_ACCESS_ROLE. I'm trying to accomplish a very simple thing: use the URL_DATASTORE to index PDF documents stored on another server accessible via HTTP. In order to do that, I have to grant the index owner the FILE_ACCESS_ROLE. However, the documentation states:
This may be undesirable when security is an issue since any user can browse the file system that is accessible to the Oracle user.
I even tested this and tried to index the Oracle user's ".bash_history" file. Guess what: it works.
I'm really confused now. What kind of a security model is this? I can choose between not using this feature at all or using it and thereby allowing access to the contents of all kinds of sensitive files. But I only want to index files via HTTP!! Are there any other options? Why can't you restrict the URL_DATASTORE to HTTP(S) URLs only? Or at least restrict the local file system paths to whitelisted directories. Or something! Is there any remedy?