Usenet -> c.d.o.misc -> Re: Why is Oracle letting me do this? Security issue?
PMG wrote:
>
> I'd love to find out what the official term for this, and the justification for
> it. It seems to be a loophole in security, since I can indirectly modify a table
> that I do not have direct permissions assigned.
>
> Pete
>
> Andrew Babb wrote:
>
> > Hi,
> >
> > I think you will find that the trigger fires as the owner, and not as the
> > person performing the initial insert. Therefore, it is the schema of table A
> > performing the insert into table B, not User X performing the insert into
> > table B.
> >
> > Oracle does have an official term for this, which someone might be able to
> > provide, but I cannot remember immediately.
> >
> > Rgds
> > Andrew
> >
It's not really a security hole....
(If you believe the Oracle marketeers...) it is a similar philosophy to object... The triggers/plsql/etc etc are "methods" for the objects (namely a table in this instance)... By "publishing" methods you are providing a "rigorous" and "well-defined" access to the objects you are coding around...
There you go - thirty cliches in a single sentence..
But the concept does work...
--
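
The behaviour discussed in this thread, as an added example that is not part of any poster's message: a trigger runs with its owner's privileges, so a user granted INSERT on table A alone still causes a write to table B. The names APP_OWNER, USER_X, A, B and A_AFTER_INSERT are constructed for illustration, and the closing audit query goes beyond the thread by listing, from the standard DBA_ dictionary views, grantees who reach a table only through a trigger.

```sql
-- Run as APP_OWNER (constructed schema name).
CREATE TABLE a (id NUMBER PRIMARY KEY, note VARCHAR2(100));
CREATE TABLE b (a_id NUMBER, logged_at DATE);

CREATE OR REPLACE TRIGGER a_after_insert
AFTER INSERT ON a
FOR EACH ROW
BEGIN
  -- Executes with APP_OWNER's privileges, whoever issued the INSERT on A.
  INSERT INTO b (a_id, logged_at) VALUES (:NEW.id, SYSDATE);
END;
/

GRANT INSERT ON a TO user_x;   -- deliberately no grant on B

-- Run as USER_X (constructed user name).
INSERT INTO app_owner.a (id, note) VALUES (1, 'via A');
-- Succeeds, and the trigger adds a row to B on USER_X's behalf.

INSERT INTO app_owner.b (a_id, logged_at) VALUES (2, SYSDATE);
-- Fails: with no privilege on B at all, Oracle reports ORA-00942.

-- Run as a DBA: enabled triggers that reference a table other than the one
-- they fire on, paired with grantees who hold DML on the triggering table
-- but no direct DML grant on the referenced table.
-- Caveats: a dependency shows the trigger references the table, not that it
-- writes to it, and grants received through roles appear under the role name.
SELECT t.owner AS trigger_owner, t.trigger_name,
       t.table_name AS fires_on,
       d.referenced_owner, d.referenced_name AS touched_table,
       p.grantee, p.privilege
FROM   dba_triggers t
JOIN   dba_dependencies d
       ON  d.owner = t.owner AND d.name = t.trigger_name
       AND d.type = 'TRIGGER' AND d.referenced_type = 'TABLE'
JOIN   dba_tab_privs p
       ON  p.owner = t.table_owner AND p.table_name = t.table_name
       AND p.privilege IN ('INSERT', 'UPDATE', 'DELETE')
WHERE  t.status = 'ENABLED'
AND    NOT (d.referenced_owner = t.table_owner
            AND d.referenced_name = t.table_name)
AND    NOT EXISTS (SELECT 1 FROM dba_tab_privs q
                   WHERE  q.grantee = p.grantee
                   AND    q.owner = d.referenced_owner
                   AND    q.table_name = d.referenced_name
                   AND    q.privilege IN ('INSERT', 'UPDATE', 'DELETE'))
ORDER  BY t.owner, t.trigger_name, p.grantee;
```

Each row the audit query returns is a grant worth reviewing against the trigger body, since the trigger is the only control over what that grantee can cause to be written.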