PUBLIC privileges on XDB$ACL

From: <david_at_databasesecurity.com>
Date: Thu, 19 Jul 2012 03:31:52 +0100
Message-ID: <C1C9D363047C403D82DDC55F137B39FF_at_NAUTILUS>

Hey all,
I'm trying to track down the source of a overly permissive privilege issue on XDB$ACL. At about Oracle 9.2 when Oracle XML Database is installed it seems catqm.sql (or one of its sub-scripts) executed

"grant all on XDB.XDB$ACL to public"

Current version of Oracle don't, but I'm trying to work out if earlier or later versions also did this too. Any help would be very much appreciated! Thanks,
David

--
http://www.freelists.org/webpage/oracle-l

Received on Wed Jul 18 2012 - 21:31:52 CDT

This message: [ Message body ]
Next message: Randal Bennett: "Re: Deletion of old Archived Redo Logs"
Previous message: Peter Sharman: "RE: EM 12c Agent Install - Windows"
In reply to: Tim Hall: "Re: ASM on Linux 6"
Next in thread: Rich Jesse: "Re: PUBLIC privileges on XDB$ACL"
Reply: Rich Jesse: "Re: PUBLIC privileges on XDB$ACL"
Reply: David Fitzjarrell: "Re: PUBLIC privileges on XDB$ACL"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message