I know one can create an Oracle directory over an existing OS directory but it appears from discussion that one can't create an OS directory. (see: create system folder(physical folder) in database server ) which I find completely bemusing.
For example, assume the following:
1. I manually create an OS directory called /CustomerOutputs from the OS command line
2. I create an Oracle directory called CUSTOMER_OUTPUTS that maps to /CustomerOutputs
Now, using utl_file I can output as many files as I want to CUSTOMER_OUTPUTS ie. /CustomerOutputs.
I cannot see why the above is any more secure than allowing the following:
utl_os.create_dir(vParentOracleDirectory => 'CUSTOMER_OUTPUTS',vDirectoryName => 'myNewSubDirectory'); to create the newOS directory /CustomerOutputs/myNewSubDirectory
Specifically my questions are as follows:
1. why is creating a sub-directory of a managed Oracle Directory considered more of a security risk than creating a file under a managed Oracle Directory?
2. Apparently in the above thread it is possible to create a folder using Java from within the database. If this is the case then as far as I can see Oracle's approach to OS security is inconsistent, as creating a subdirectory should either be allowed from the database or it should not be allowed. Can anyone elaborate on this?