Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 


Re: 9iDB Security Hole?

From: Nuno Souto <nsouto_at_optushome.com.au>
Date: 17 Apr 2002 19:22:28 -0700
Message-ID: <dd5cc559.0204171822.75d0a561@posting.google.com>


kula_at_int.tele.dk (Kurt Laugesen) wrote in message news:<7c804feb.0204171250.2b21828b_at_posting.google.com>...
> My company is trying to escalate the matter as we were on the verge of
> going into production on 9.0.1, and this will stop us dead in our
> tracks.

If I understood and tested the problem correctly, the security hole shows up when a user has:

1- CREATE SESSION privilege.
2- CREATE VIEW privilege.
3- The user creates a view on a non-authorized table using ANSI join syntax.

Now, in a normal production environment, you'd most definitely NOT grant all users the privilege to create their own views? Which basically means you'd not have this problem at all.

Or am I also missing something obvious?

Received on Wed Apr 17 2002 - 21:22:28 CDT
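As an added example (not part of the original post), one way a DBA could check how widely the second condition above holds is to list every account that can create views, whether the privilege was granted directly, to PUBLIC, or through a chain of roles. It assumes the standard dictionary views DBA_SYS_PRIVS, DBA_ROLE_PRIVS and DBA_USERS and a session allowed to query them; the column aliases are illustrative.

```sql
-- Added example: who can create views in this database?

-- 1) Direct grants to a user, or to PUBLIC (which reaches every account).
SELECT p.grantee   AS account,
       p.privilege AS privilege,
       'direct'    AS via
FROM   dba_sys_privs p
WHERE  p.privilege IN ('CREATE VIEW', 'CREATE ANY VIEW')
AND    (p.grantee = 'PUBLIC'
        OR p.grantee IN (SELECT username FROM dba_users))
UNION
-- 2) Grants inherited through roles: start at each role that holds the
--    privilege and walk upward to everything that role is granted to,
--    so nested roles are resolved as well.
SELECT r.grantee,
       'CREATE [ANY] VIEW',
       'role'
FROM  (SELECT grantee
       FROM   dba_role_privs
       START WITH granted_role IN
              (SELECT grantee
               FROM   dba_sys_privs
               WHERE  privilege IN ('CREATE VIEW', 'CREATE ANY VIEW'))
       CONNECT BY PRIOR grantee = granted_role) r
WHERE  r.grantee = 'PUBLIC'
OR     r.grantee IN (SELECT username FROM dba_users)
ORDER BY 1;
```

A row for PUBLIC, or for a role handed out to ordinary application users, means the privilege is not limited to a small set of accounts.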
