Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: 9iDB Security Hole?
"Daniel Morgan" <damorgan_at_exesolutions.com> wrote in message
news:3CBB5EFC.43A50425_at_exesolutions.com...
> And no one other than sys should be looking at sys.link$ anyway.
This is the whole point of the thread. As described so far the use of LEFT OUTER JOIN in 9i means that any user with create session privilege can look at data from any table that exists in the database.
Has someone filed a bug on this yet? This looks like a good reason to avoid the ANSI syntax for a while yet.
-- Niall Litchfield Oracle DBA Audit Commission UK ***************************************** Please include version and platform and SQL where applicable It makes life easier and increases the likelihood of a good answer ******************************************Received on Tue Apr 16 2002 - 02:40:55 CDT