| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: 9iDB Security Hole?
I always recommend creating users without create session. Makes for a very
easy DBA life.
:-0
Regards
HJR
-- ----------------------------------------------- Resources for Oracle : http://www.hjrdba.com =============================== "Niall Litchfield" <n-litchfield_at_audit-commission.gov.uk> wrote in message news:3cbbdc03$0$8513$ed9e5944_at_reading.news.pipex.net...Received on Tue Apr 16 2002 - 03:39:16 CDT
> Um yes I wasn't thinking clearly. It may well also be a reason to avoid
> deployment of new systems on 9.0.1. (unless you can avoid creating users
> with create session and create view.).
>
>
> --
> Niall Litchfield
> Oracle DBA
> Audit Commission UK
> *****************************************
> Please include version and platform
> and SQL where applicable
> It makes life easier and increases the
> likelihood of a good answer
>
> ******************************************
> "Jonathan Lewis" <jonathan_at_jlcomp.demon.co.uk> wrote in message
> news:1018943025.13037.0.nnrp-08.9e984b29_at_news.demon.co.uk...
> >
> > In fact, there is a bug, which I couldn't find
> > last night - 2121935, dated December 2002 !!!
> >
> > Any ANSI join is a problem.
> >
> > But this isn't a reason for avoid ANSI syntax,
> > it's a reason for not migrating a production
> > system to 9.0.1
> >
> >
> > --
> > Jonathan Lewis
> > http://www.jlcomp.demon.co.uk
> >
> > Author of:
> > Practical Oracle 8i: Building Efficient Databases
> >
> > Next Seminar - Australia - July/August
> > http://www.jlcomp.demon.co.uk/seminar.html
> >
> > Host to The Co-Operative Oracle Users' FAQ
> > http://www.jlcomp.demon.co.uk/faq/ind_faq.html
> >
> >
> >
> > Niall Litchfield wrote in message
> > <3cbbd589$0$238$ed9e5944_at_reading.news.pipex.net>...
> > >"Daniel Morgan" <damorgan_at_exesolutions.com> wrote in message
> > >news:3CBB5EFC.43A50425_at_exesolutions.com...
> > >> And no one other than sys should be looking at sys.link$ anyway.
> > >
> > >This is the whole point of the thread. As described so far the use of
> LEFT
> > >OUTER JOIN in 9i means that any user with create session privilege can
> look
> > >at data from any table that exists in the database.
> > >
> > >Has someone filed a bug on this yet? This looks like a good reason to
> avoid
> > >the ANSI syntax for a while yet.
> > >
> >
> >
> >
>
>
 |
 |