Re: 9iDB Security Hole?
As Howard has pointed out, if you can create
views, you can create updatable join views,
and then you can change or delete any
data you want in the system.
Strangely, you have to be able to create the views as dictionary views. If you try the trick using in-line views, then the loophole closes.
--
Jonathan Lewis
http://www.jlcomp.demon.co.uk

Author of:
Practical Oracle 8i: Building Efficient Databases

Next Seminar - Australia - July/August
http://www.jlcomp.demon.co.uk/seminar.html

Host to
The Co-Operative Oracle Users' FAQ
http://www.jlcomp.demon.co.uk/faq/ind_faq.html

Niall Litchfield wrote in message <3cbc8537$0$231$cc9e4d1f_at_news.dial.pipex.com>...
>just for completeness what happens if you also grant create view to us1?

Received on Tue Apr 16 2002 - 15:35:48 CDT