Re: Oracle 9i DB Security Hole
I agree. Particularly given the 'Unbreakable' marketing campaign.
--
Niall Litchfield
Oracle DBA
Audit Commission UK
*****************************************
Please include version and platform and SQL where applicable
It makes life easier and increases the likelihood of a good answer
******************************************

Received on Thu Apr 18 2002 - 04:38:30 CDT

"Andrew Mobbs" <andrewm_at_chiark.greenend.org.uk> wrote in message news:8uf*Ji6lp_at_news.chiark.greenend.org.uk...
> Niall Litchfield <n-litchfield_at_audit-commission.gov.uk> wrote:
> >
> >So a user with only Create Session privilege can read any data they like.
> >In other words business data is entirely open to scrutiny by any user with
> >create session privilege only.
>
> What puzzles me is how little noise there's been about this. If there
> was a bug in a widely deployed Unix or Microsoft operating system that
> allowed any user to read any file on the system, it'd be all over
> the IT press, and probably make it to mainstream media.
>
> So far, I've seen mention of it here, followed by a quick report on
> BugTraq, with a couple of very confused followups, and an article on
> The Inquirer (http://www.theinquirer.net/).
>
> --
> Andrew Mobbs - http://www.chiark.greenend.org.uk/~andrewm/