Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: 9iDB Security Hole?

Re: 9iDB Security Hole?

From: Jonathan Lewis <jonathan_at_jlcomp.demon.co.uk>
Date: Tue, 16 Apr 2002 21:35:48 +0100
Message-ID: <1018989327.14755.0.nnrp-13.9e984b29@news.demon.co.uk> 






As Howard has pointed out, if you can create
views, you can create updatable join views,
and then you can change or delete any


data you want in the system.



Strangely, you have to be able to create
the views as dictionary views.  If you try
the trick using in-line views, then the loophole
closes.



--
Jonathan Lewis
http://www.jlcomp.demon.co.uk

Author of:
Practical Oracle 8i: Building Efficient Databases

Next Seminar - Australia - July/August
http://www.jlcomp.demon.co.uk/seminar.html

Host to The Co-Operative Oracle Users' FAQ
http://www.jlcomp.demon.co.uk/faq/ind_faq.html



Niall Litchfield wrote in message
<3cbc8537$0$231$cc9e4d1f_at_news.dial.pipex.com>...



>just for completeness what happens if you also grant create view to us1?

>

>



Received on Tue Apr 16 2002 - 15:35:48 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US