Thread started: Jan 23 2008, 3:30 PM EST
Watch
It appears that when invoking impdp or expdp there is no choice but to supply both username and password on the command line.
This is a gross security violation in an environment where non-privileged users have any kind of shell access to a (UNIX) server.
Oracle Corp. should know better - shame on you!
14
out of
36 found this valuable.
Do you find this valuable?
Do you?
Show Last Reply
|
|
Last Reply:
RE: Data Pump Security
By: ,
Jan 28 2008, 3:42 PM EST
That's certainly a workaround but there should be no need for a workaround.
When running jobs that require non-trivial parameters it is nearly inevitable that a parameter file will be used.
All Oracle Corp. needed to do was maintain the exp/imp capability of placing credentials in that file.
Removing that option is more than just unfortunate - it's plain sloppy.
5
out of
16 found this valuable.
Do you find this valuable?
Do you?
|
