Sexmeetchat com When updating security for a remote procedure call

do a dir c:\windows\command.* show us the entire example from the dbms_java calls to the create or replace and compile java source to the call you are doing itself.

Run This(Util:11) PL/SQL procedure successfully completed. November 22, 2001 - am UTC Ok, is there a c:\windows\?

when updating security for a remote procedure call-47

When I run the ps command everything work fine, but when I run the ftp command ("/usr/bin/ftp -vin January 17, 2002 - am UTC ftp is waiting for the username and password to be entered and ftp refuses to read this from stdin as you are trying (i assume you have the username/password in the parfile.txt) Do a man on netrc to see how to setup a .netrc (in the ORACLE account -- could be somewhat "dangerous").A better approach might be to use some java classes that let you PROCEDURALLY do an ftp from java -- in that fashion, you can alleviate the inherit security issues with the .netrc file solution.We could have allowed it to execute /usr/bin/* or * or whatever -- I'm just letting it execute that one program. To make this callable as a procedure (ignoring the return code), we'll create a procedure: [email protected] exec rc('/usr/bin/ps -ef'); UID PID PPID C STIME TTY TIME CMD root 0 0 0 Aug 17 ? EXE *** 2001-11-22 .720 *** SESSION ID:(17.10) 2001-11-22 .610 Specified COMMAND search directory bad Microsoft(R) Windows 98 (C)Copyright Microsoft Corp 1981-1998. You see the error message there "Specified COMMAND search directory bad" and a command prompt. Unfortunately for you - this command prompt is in the background, you cannot see it, you cannot type into it. 1.) Granted the following privs from sys: begin dbms_java.grant_permission ('SCOTT', 'Now, RT_TEST would create in its schema: [email protected] create or replace 2 function RUN_CMD( p_cmd in varchar2) return number 3 as 4 language java 5 name 'Util. File Permission', '/tmp/*', 'execute'); dbms_java.grant_permission ('SCOTT', 'you would need to run a SHELL that understands "|" and "", something like: sh -c 'ps -ef | grep oracle' BUT -- then you would need execute on /bin/sh, with that you can run ANY command as the user "oracle" (or who ever starts the database).

That would let you for example "sh -c rm -rf /*" and erase everything oracle is allowed to erase.Creating a standard ftp shell script with predefined input parms is better. From what I can remember the DBMS_PIPE solution (see this site) doesn't have the special character limitation. Apologies for my total lack of java knowledge (I'm getting there...), but your example (which worked fine in 8i) appears to bomb out under my 9i version.Could you post if the same code works under one of your 9i versions?SQLI just removed the String array definition on the PL/SQL wrapper function and the Java method. WORLD begin 2 dbms_java.grant_permission 3 ('RT_TEST', 4 'I've included all the code again (and an example) below. My assumption is that the JVM-PL/SQL data type pickler may have automatically promoted non-array types to arrays when required. File Permission', 5 '/usr/bin/ls', 6 'execute'); 7 8 dbms_java.grant_permission 9 ('RT_TEST', 10 'The Ask TOM team is taking a break over the holiday season. Security Permission n what happens if you just enter: c:\windows\/c dir on the dos prompt itself. what if you create a script: do_dir.bat: @echo off dir and run that instead?