Revoke Public Permissions on File Access Routines

By default, public can execute the file access functions such as lotofile, filetoclob, and ifx_file_to_file. This can allow attackers to read and write files on the server. To help resolve this security hole, create a role called FileAccess and assign only those users that require file access, as a strict business requirement, membership of this role. Then assign this role the execute permission on the file access routines and revoke the execute permission from public.