Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: 9iDB Security Hole?
In fact, there is a bug, which I couldn't find last night - 2121935, dated December 2002 !!!
Any ANSI join is a problem.
But this isn't a reason for avoid ANSI syntax, it's a reason for not migrating a production system to 9.0.1
-- Jonathan Lewis http://www.jlcomp.demon.co.uk Author of: Practical Oracle 8i: Building Efficient Databases Next Seminar - Australia - July/August http://www.jlcomp.demon.co.uk/seminar.html Host to The Co-Operative Oracle Users' FAQ http://www.jlcomp.demon.co.uk/faq/ind_faq.html Niall Litchfield wrote in message <3cbbd589$0$238$ed9e5944_at_reading.news.pipex.net>...Received on Tue Apr 16 2002 - 02:44:46 CDT
>"Daniel Morgan" <damorgan_at_exesolutions.com> wrote in message
>news:3CBB5EFC.43A50425_at_exesolutions.com...
>> And no one other than sys should be looking at sys.link$ anyway.
>
>This is the whole point of the thread. As described so far the use of LEFT
>OUTER JOIN in 9i means that any user with create session privilege can look
>at data from any table that exists in the database.
>
>Has someone filed a bug on this yet? This looks like a good reason to avoid
>the ANSI syntax for a while yet.
>