Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Possible SECURITY ERROR ?

Possible SECURITY ERROR ?

From: Isaac Chocron <Itshak_at_hadassah.org.il>
Date: Sun, 24 Jan 1999 14:55:07 +0200
Message-ID: <36AB182B.87F0CFB0@hadassah.org.il> 





I have an Oracle 8.04. server on NT.



Everyone can explain me if it is true or is  a terrible bug ?


I have two schemas:    User_a        User_b
Their passwords are:    Pass_a        Pass_b





User_a has the system privilege:Grant Any Role.



User_a has created a role with this statement:


    Create role Role_a identified by Test;



User_a has performed this statement:


    Grant Role_a to User_b identified by test;



The result is ...


    The password of User_b is Test !!! and not Pass_b.



So User_a has the possibility of change the password of any schema !!!







Received on Sun Jan 24 1999 - 06:55:07 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US