Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Discovered way to grant/revoke any right from any user!
But there are all sorts of privileges that could destroy or compromise the database.
How about:
grant insert any table ?
Couldn't a user with this privilege can insert sufficient data into SYS tables to end up doing whatever else they fancy ?
--
Jonathan Lewis
Yet another Oracle-related web site: www.jlcomp.demon.co.uk
Sybrand Bakker wrote in message
<924283784.10592.0.rover.d4ee154e_at_news.demon.nl>...
>Is that a security loophole or is that a security loophole!
>Thomas Kyte wrote in message <371a1585.9435998_at_192.86.155.100>...
>> If a user has "CREATE ANY PROCEDURE" and "EXECUTE ANY PROCEDURE"
Received on Fri Apr 16 1999 - 13:09:14 CDT