Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Discovered way to grant/revoke any right from any user!

Re: Discovered way to grant/revoke any right from any user!

From: Jonathan Lewis <jonathan_at_jlcomp.demon.co.uk>
Date: Fri, 16 Apr 1999 19:09:14 +0100
Message-ID: <924286356.17824.0.nnrp-06.9e984b29@news.demon.co.uk> 






But there are all sorts of privileges that could destroy
or compromise the database.



How about:


    grant insert any table ?



Couldn't a user with this privilege can insert
sufficient data into SYS tables to end up doing
whatever else they fancy ?




--



Jonathan Lewis


Yet another Oracle-related web site: www.jlcomp.demon.co.uk



Sybrand Bakker wrote in message


<924283784.10592.0.rover.d4ee154e_at_news.demon.nl>...


>Is that a security loophole or is that a security loophole!





>Thomas Kyte wrote in message <371a1585.9435998_at_192.86.155.100>...


>> If a user has "CREATE ANY PROCEDURE" and "EXECUTE ANY PROCEDURE"





Received on Fri Apr 16 1999 - 13:09:14 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US