What do people think about the Oracle method where bulk data operations
can only occur in a specified directory? Making that restriction might
address some of the security concerns. I don't think we should change
COPY in such a way that you *have* to use a specified directory, but if
it was an option that helped with the security concerns...
Oracle's new (well, since 9i) DIRECTORY object (see http://download-west.oracle.com/docs/cd/B14117_01/server.101/b10759/statements_5007.htm#sthref4678) has proven itself to be a flexible approach for me.
A privileged account creates the DIRECTORY object like so:
CREATE OR REPLACE DIRECTORY my_dir AS '/var/tmp/my_dir';
and then grants access to it:
GRANT READ ON DIRECTORY my_dir TO db_username;
I'd envision the COPY command using the DIRECTORY object something like:
COPY my_table FROM my_dir:'file.txt';
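
Added example, not part of the original message and not PostgreSQL or Oracle code: a sketch of the check a server would have to make for the proposed my_dir:'file.txt' form, namely that the role holds READ on the directory object and that the file name still resolves inside that directory once ".." and symlinks are followed. The function name, the dictionary standing in for a catalog, and the error type are assumptions made for illustration.

```python
import os
import tempfile

class DirectoryAccessError(Exception):
    """Raised when a COPY source may not be read through a directory object."""

def resolve_copy_source(spec, role, directories):
    """Map "alias:'filename'" to a real path inside the alias's directory.

    directories is a constructed stand-in for a catalog:
    {alias: {"path": server_path, "read": set_of_roles}}.
    """
    alias, sep, quoted = spec.partition(":")
    if not sep or len(quoted) < 3 or quoted[0] != "'" or quoted[-1] != "'":
        raise DirectoryAccessError("expected alias:'filename'")
    filename = quoted[1:-1]
    if "\0" in filename:
        raise DirectoryAccessError("invalid filename")
    entry = directories.get(alias)
    # Same error for an unknown alias and a missing grant, so the reply
    # does not reveal which directory objects exist.
    if entry is None or role not in entry["read"]:
        raise DirectoryAccessError("no READ privilege on directory")
    # realpath() collapses ".." and follows symlinks before the comparison.
    base = os.path.realpath(entry["path"])
    candidate = os.path.realpath(os.path.join(base, filename))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise DirectoryAccessError("file resolves outside directory")
    return candidate

if __name__ == "__main__":
    # Constructed sample: one directory object, one granted role.
    with tempfile.TemporaryDirectory() as root:
        my_dir = os.path.join(root, "my_dir")
        os.mkdir(my_dir)
        open(os.path.join(my_dir, "file.txt"), "w").close()
        os.symlink("/etc", os.path.join(my_dir, "escape"))
        catalog = {"my_dir": {"path": my_dir, "read": {"db_username"}}}
        for spec in ("my_dir:'file.txt'", "my_dir:'../x'", "my_dir:'escape/hosts'"):
            try:
                print(spec, "->", resolve_copy_source(spec, "db_username", catalog))
            except DirectoryAccessError as exc:
                print(spec, "-> rejected:", exc)
```

The path check and the later open are separate steps, so a server would also have to make sure the file it opens is the one it checked, for example by verifying the opened descriptor rather than the name.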