Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.misc -> Re: Why is Oracle letting me do this? Security issue?
You could/should look at this the other way round:
First: you only know that your insert into table A is causing an insert into table B because you are a privileged user. If you had only the privilege to insert into A you could not discover that a side-effect of inserting into A was that a consequential insert into B took place.
Secondly: by ensuring that any action you take on data in table A results in an insert into table B the application developer can ensure that an audit trail is kept of any action you take __without your knowledge__ This makes it a security feature, not a security loophole.
--
Jonathan Lewis
Yet another Oracle-related web site: www.jlcomp.demon.co.uk
>PMG wrote:
>
>> I'd love to find out what the official term for this, and the
justification for
>> it. It seems to be a loophole in security, since I can indirectly modify
a table
>> that I do not have direct permissions assigned.
>>
>> Pete
>
>> Andrew Babb wrote:
>>
>> > Hi,
>> >
>> > I think you will find that the trigger fires as the owner, and not as
the
>> > person performing the initial insert. Therefore, it is the schema of
table A
>> > performing the insert into table B, not User X performing the insert
into
>> > table B.
Received on Tue Apr 20 1999 - 14:18:33 CDT