Re: Password for sys, system account - Uncooperative client
IIRC, this gives you access to SYS.LINK$ (among others). This allows
you to see the plain-text passwords used by fixed-user dblinks, if any
are present.
On 6/9/05, John P Weatherman <asahoshi_at_infionline.net> wrote:
> Ron,
>
> I read the article and see where it says not to grant it, but I do not see anything about it "subverting" anything. Rather it seems to be a concern that this may be more privilege than is needed and so violates the "least privilege principle". I wouldn't want to generally grant this or any "ANY" privilege, but I still do not see a specific risk to granting admins/consultant admins this level of view privilege. Are you able to use this to 1) see actual company data and not just the dictionary views or 2) update anything? If not, what is the specific concern? What am I missing?
>
--
"I'm too sexy for my code." - Awk Sed Fred.
--
http://www.freelists.org/webpage/oracle-l
Received on Thu Jun 09 2005 - 11:51:00 CDT