Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Possible SECURITY ERROR ?
I have an Oracle 8.04. server on NT.
Everyone can explain me if it is true or is a terrible bug ?
I have two schemas: User_a User_b Their passwords are: Pass_a Pass_b
User_a has the system privilege:Grant Any Role.
User_a has created a role with this statement:
Create role Role_a identified by Test;
User_a has performed this statement:
Grant Role_a to User_b identified by test;
The result is ...
The password of User_b is Test !!! and not Pass_b.
So User_a has the possibility of change the password of any schema !!!
Received on Sun Jan 24 1999 - 06:55:07 CST