Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: 9iDB Security Hole?

Re: 9iDB Security Hole?

From: Kurt Laugesen <kula_at_int.tele.dk>
Date: 17 Apr 2002 13:50:06 -0700
Message-ID: <7c804feb.0204171250.2b21828b@posting.google.com> 





tmh_at_jumpgate.cc.purdue.edu (Todd M. Helfter) wrote in message news:<a9jk9h$66b$1_at_mozo.cc.purdue.edu>...


> Can anyone think of an init.ora parameter to disable all users from having access

> to the security hole?  Something like "TURN_OFF_SQL92_BLAH_BLAH" or would setting

> compatibility to 8.1.7 have the same effect?




I thought of something like that so I tried setting
O7_DICTIONARY_ACCESSIBILITY=TRUE hoping it had something to do with
the new dictionary priveliges, but it didn't help.



I could kick myself though - because several months ago some people
from my company (including myself) found this bug at an Oracle Course,
but we only saw it as a return to 'the old' dictionary lookup
behaviour, and we didn't see the full consequences as Jonathan and
Howard points out.



My company is trying to escalate the matter as we were on the verge of
going into production on 9.0.1, and this will stop us dead in our
tracks.


Regards 


Kurt Laugesen
Received on Wed Apr 17 2002 - 15:50:06 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US