
Re: Oracle 9i DB Security Hole

From: Niall Litchfield <n-litchfield_at_audit-commission.gov.uk>
Date: Fri, 19 Apr 2002 12:14:14 +0100
Message-ID: <3cbffc06$0$233$ed9e5944@reading.news.pipex.net>


Yes, it is a customer alert: doc id 185074.1, published 18/04/02.

--
Niall Litchfield
Oracle DBA
Audit Commission UK
*****************************************
Please include version and platform
and SQL where applicable
It makes life easier and increases the
likelihood of a good answer

******************************************
"Howard J. Rogers" <dba_at_hjrdba.com> wrote in message
news:a9oru7$hej$1_at_lust.ihug.co.nz...

> What I'd like to know is: is this now a customer alert?
>
> I have no doubt that the problem was simply one of not realising the
> import of the matter.
>
> I didn't realise it myself. The *very* original post mentioned being able
> to select from any table. Jonathan happened to mention that a view on a
> select of any table meant DML was possible. I happened to wonder whether a
> view on a data dictionary table would allow you to wreck the database. If
> you weren't primed to follow that chain of reasoning, you wouldn't have
> thought too badly of a bug here and there, which all products have.
>
> The lack of a patch for NT is unfortunate, to say the least. But
> otherwise, the speed of response has been good.
>
> But if no-one knows about it, it's no use. I'd like to see an alert... at
> least that way, it's your own fault if you get bitten.
>
> Regards
> HJR
>
>
>
> "Connor McDonald" <connor_mcdonald_at_yahoo.com> wrote in message
> news:3CBF3140.2124_at_yahoo.com...
> > Niall Litchfield wrote:
> > >
> > > "Jonathan Lewis" <jonathan_at_jlcomp.demon.co.uk> wrote in message
> > > news:1019148031.14139.0.nnrp-14.9e984b29_at_news.demon.co.uk...
> > > >
> > > > I think that your judgement on this case may
> > > > be a bit harsh. Given that it took about 24 hours
> > > > for the patch to appear from the moment the
> > > > post hit the newsgroup, it clearly wasn't a case
> > > > of:
> > > > "It's too difficult / dangerous / expensive to fix,
> > > > let's hope no-one else notices before 9.2"
> > >
> > > I'd say that Oracle's reaction once they realized the problem was real
> > > and serious has been excellent. As someone who has also to support
> > > other vendors' products where we often get a delay before patch
> > > availability and oftentimes several patches for the same problem. That
> > > all said, I do feel that a bug of this seriousness shouldn't have
> > > slipped through QA. I have some sympathy too for the metalink
> > > analyst(s?) who missed the significance of what they were seeing. That
> > > is all too easy to do, especially in a front line support environment.
> > >
> > > --
> > > Niall Litchfield
> > > Oracle DBA
> > > Audit Commission UK
> >
> > Agreed. My only criticism is that the bug has now gone from
> > 'published' to 'unpublished'. I applaud the speed at which they
> > backported the patch... I'm not so sure about the cover-up.
> >
> > Cheers
> > Connor
> > --
> > ==============================
> > Connor McDonald
> >
> > http://www.oracledba.co.uk
> >
> > "Some days you're the pigeon, some days you're the statue..."
>
>
Received on Fri Apr 19 2002 - 06:14:14 CDT
