Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: Security - Read-only user can modify data via views

From: Andre van Winssen <awinssen_at_xs4all.nl>
Date: Wed, 12 Apr 2006 13:27:37 +0200 (CEST)
Message-ID: <23042.134.146.0.22.1144841257.squirrel@webmail.xs4all.nl>


Yes, and I told the poster, Alexander Kornbrust, that his company is very careless and irresponsible by revealing so much detail. It took little time before I was able to delete data that wasn't mine or change DBA account passwords for which my Oracle account had no priv. No patch available yet and it works in all latest and greatest database versions. Checked it myself.
Are you ready for the next CPU?

Regards,
Andre

-: An Oracle error is an index on the solutions table :- -: Andre

> Has anyone read this -
>
> http://www.red-database-security.com/advisory/oracle_modify_data_via_views.html
>
> The note mentioned seems to have been taken out from Metalink now.
>
> Thanks
> Manmohan

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Apr 12 2006 - 06:27:37 CDT
