I agree. Particularly given the 'Unbreakable' marketing campaign.
--
Niall Litchfield
Oracle DBA
Audit Commission UK
*****************************************
Please include version and platform
and SQL where applicable
It makes life easier and increases the
likelihood of a good answer
******************************************
"Andrew Mobbs" <andrewm_at_chiark.greenend.org.uk> wrote in message
news:8uf*Ji6lp_at_news.chiark.greenend.org.uk...
> Niall Litchfield <n-litchfield_at_audit-commission.gov.uk> wrote:
> >
> >So a user with only Create Session privilege can read any data they like.
In
> >other words business data is entirely open to scrutiny by any user with
> >create session privilege only.
>
> What puzzles me is how little noise there's been about this. If there
> was a bug in a widely deployed Unix or Microsoft operating system that
> allowed any user to read any file on the system, it'd all over
> the IT press, and probably make it to mainstream media.
>
> So far, I've seen mention of it here, followed by a quick report on
> BugTraq, with a couple of very confused followups, and an article on
> The Inquirer (http://www.theinquirer.net/).
>
> --
> Andrew Mobbs - http://www.chiark.greenend.org.uk/~andrewm/
Received on Thu Apr 18 2002 - 04:38:30 CDT
