Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: ODBC ignores priveleges?

Re: ODBC ignores priveleges?

From: Fuzzy <granta_at_nospam.student.canberra.edu.au>
Date: Wed, 23 Jun 1999 23:24:24 GMT
Message-ID: <37716c47.2110474@newshost.interact.net.au>


On Tue, 22 Jun 1999 14:20:51 -0400, Gerard Tromp <tromp_at_sanger.med.wayne.edu> wrote:

>Greetings,
>
> I have a peculiar situation. When using sqlplus on the server, any
>particular user can only see the tables created by, or granted to, that
>user (direcly or via role). When the database is queried using ODBC from
>a Win95 client, however, all the tables in the tablespace are visible
>and are selectable. Any clues?

Yes, all your users are by default a member of PUBLIC, and PUBLIC by default has select privileges on many system catalog tables, including sys.all_tables.

This is a gigantic security hole that I wish Oracle would remove. Thankfully, you can do it manually by either droping PUBLIC, or revoking it from all users.

Ciao
Fuzzy
:-) Received on Wed Jun 23 1999 - 18:24:24 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US