Thursday, January 27, 2005

security and integrity issues for .dmp files

There is a lot that needs to be done before we can safely share .dmp files.

First, any attempt to change a parent directory or file name is both unsupported AND a security violation. Similarly, adding a parent directory or file name when a file already has one is unsupported, a security violation AND a type violation. (These are simple properties, not sets.)

As previously covered, deleting a parent directory or file name should result in the file being deleted--including any local values and references not included in the .dmp file!

But we also should apply type checking. And in so doing, we can exclude consequential changes from .dmp files while inferring them when doing a load/restore.

The short of it is that we need to move .dmp file processing from the TKS level up to the TKCS level. This is a major effort, but needs to be done before we do too much file sharing.
