entered that will allow manipulation of files in
any directory. The wild card parameter is specified in the
initialization file as
DBAs sometimes, mainly due to a lack of clear
requirements, set this to * so that the developers can easily read
and write files anywhere they want. Since changing this parameter
needs a database recycle, the normal temptation is to set this
wildcard. Nothing can potentially cause as much damage as this
setting. Remember, the parameter signifies the directory that the
Oracle software owner user can manipulate. This will allow a user to
open up any file readable and writable by Oracle – including the
datafiles! Even legitimate users without any malicious intent could
inadvertently damage the files this way.
Therefore, never set the parameter to the lazy
setting of *; always use a specific directory name, and that
directory should not be one where the Oracle database sensitive
files are present.
Never set the initialization parameter
utl_file_dir to "*".
Download your Oracle scripts now:
definitive Oracle Script collection for every Oracle professional DBA