Re: 9iDB Security Hole?
kula_at_int.tele.dk (Kurt Laugesen) wrote in message news:<7c804feb.0204171250.2b21828b_at_posting.google.com>...
> My company is trying to escalate the matter as we were on the verge of
> going into production on 9.0.1, and this will stop us dead in our
> tracks.
If I understood and tested the problem correctly, the security hole shows up when a user has:
1- CREATE SESSION privilege.
2- CREATE VIEW privilege.
3- The user creates a view on a non-authorized table using ANSI join syntax.
Now, in a normal production environment, you'd most definitely NOT grant all users the privilege to create their own views? Which basically means you'd not have this problem at all.
Or am I also missing something obvious?
Received on Wed Apr 17 2002 - 21:22:28 CDT
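
An audit query for the first two conditions listed in the post above, added here as an example and not part of the original message. It assumes DBA access to the standard dictionary views DBA_USERS, DBA_SYS_PRIVS and DBA_ROLE_PRIVS, and is written without ANSI join syntax.

```sql
-- Added audit example (not from the original post). Run as a DBA.
-- Lists accounts that hold CREATE SESSION plus a view-creation privilege,
-- whether granted directly, via PUBLIC, or through nested roles.
SELECT u.username, u.account_status
FROM   dba_users u
WHERE  EXISTS (
         SELECT 1
         FROM  (-- grantees holding a view-creation privilege directly
                SELECT grantee
                FROM   dba_sys_privs
                WHERE  privilege IN ('CREATE VIEW', 'CREATE ANY VIEW')
                UNION
                -- grantees inheriting it through a chain of role grants
                SELECT grantee
                FROM   dba_role_privs
                START WITH granted_role IN (
                         SELECT grantee
                         FROM   dba_sys_privs
                         WHERE  privilege IN ('CREATE VIEW', 'CREATE ANY VIEW'))
                CONNECT BY PRIOR grantee = granted_role) v
         WHERE  v.grantee IN (u.username, 'PUBLIC'))
AND    EXISTS (
         SELECT 1
         FROM  (-- same expansion for the privilege needed to log in
                SELECT grantee
                FROM   dba_sys_privs
                WHERE  privilege = 'CREATE SESSION'
                UNION
                SELECT grantee
                FROM   dba_role_privs
                START WITH granted_role IN (
                         SELECT grantee
                         FROM   dba_sys_privs
                         WHERE  privilege = 'CREATE SESSION')
                CONNECT BY PRIOR grantee = granted_role) s
         WHERE  s.grantee IN (u.username, 'PUBLIC'))
ORDER  BY u.username;
```

The query counts every granted role, including roles that are not enabled by default for the account, so it may list more accounts than can use the privilege in a fresh session.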