Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: 9iDB Security Hole?

Re: 9iDB Security Hole?

From: Niall Litchfield <n-litchfield_at_audit-commission.gov.uk>
Date: Tue, 16 Apr 2002 08:40:55 +0100
Message-ID: <3cbbd589$0$238$ed9e5944@reading.news.pipex.net> 





"Daniel Morgan" <damorgan_at_exesolutions.com> wrote in message
news:3CBB5EFC.43A50425_at_exesolutions.com...


> And no one other than sys should be looking at sys.link$ anyway.




This is the whole point of the thread. As described so far the use of LEFT
OUTER JOIN in 9i means that any user with create session privilege can look
at data from any table that exists in the database.



Has someone filed a bug on this yet? This looks like a good reason to avoid
the ANSI syntax for a while yet.



--
Niall Litchfield
Oracle DBA
Audit Commission UK
*****************************************
Please include version and platform
and SQL where applicable
It makes life easier and increases the
likelihood of a good answer

******************************************


Received on Tue Apr 16 2002 - 02:40:55 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US