Hi This would be a security risk to have a java callout that can execute any OS command with group ID DBA, this means it could for instance.. call sqlplus -s and execute a script that changes the SYS password....edit the password file and change the password hashes to known values...why not just delete the data files....
please think again and run extproc as a user such as the Unix user "nobody" then any OS command has less chance of causing damage. See "Oracle security step-by-step" book for info on how to set it up or Tom Kytes book, I think mentions this as well. hth kind regards Pete -- Pete Finnigan email:[EMAIL PROTECTED] Web site: http://www.petefinnigan.com - Oracle security audit specialists Book:Oracle security step-by-step Guide - see http://store.sans.org for details. -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Pete Finnigan INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).