
Re: 9iDB Security Hole?

From: Vladimir M. Zakharychev <bob_at_dpsp-yes.com>
Date: Tue, 16 Apr 2002 11:53:18 +0400
Message-ID: <a9gl6g$o3f$1@babylon.agtel.net>


Aha. And it is marked as fixed in 9.2. Strangely it was not backported to 9.0.1, though the issue is very serious from my point of view - ANSI joins completely ignore any database security and, as Howard Rogers demonstrated, can easily lead to disaster.

--
Vladimir Zakharychev (bob@dpsp-yes.com)                http://www.dpsp-yes.com
Dynamic PSP(tm) - the first true RAD toolkit for Oracle-based internet applications.
All opinions are mine and do not necessarily go in line with those of my employer.


"Jonathan Lewis" <jonathan_at_jlcomp.demon.co.uk> wrote in message
news:1018943025.13037.0.nnrp-08.9e984b29_at_news.demon.co.uk...

>
> In fact, there is a bug, which I couldn't find
> last night - 2121935, dated December 2002 !!!
>
> Any ANSI join is a problem.
>
> But this isn't a reason for avoiding ANSI syntax,
> it's a reason for not migrating a production
> system to 9.0.1
>
>
> --
> Jonathan Lewis
> http://www.jlcomp.demon.co.uk
>
> Author of:
> Practical Oracle 8i: Building Efficient Databases
>
> Next Seminar - Australia - July/August
> http://www.jlcomp.demon.co.uk/seminar.html
>
> Host to The Co-Operative Oracle Users' FAQ
> http://www.jlcomp.demon.co.uk/faq/ind_faq.html
>
>
>
> Niall Litchfield wrote in message
> <3cbbd589$0$238$ed9e5944_at_reading.news.pipex.net>...
> >"Daniel Morgan" <damorgan_at_exesolutions.com> wrote in message
> >news:3CBB5EFC.43A50425_at_exesolutions.com...
> >> And no one other than sys should be looking at sys.link$ anyway.
> >
> >This is the whole point of the thread. As described so far the use of LEFT
> >OUTER JOIN in 9i means that any user with create session privilege can look
> >at data from any table that exists in the database.
> >
> >Has someone filed a bug on this yet? This looks like a good reason to avoid
> >the ANSI syntax for a while yet.
> >
>
>
>
Received on Tue Apr 16 2002 - 02:53:18 CDT
