Re: V$ tables

Nuno Souto <nsouto_at_optushome.com.au.nospam> wrote in message news:<3d0bf522$0$28005$afc38c87_at_news.optusnet.com.au>...
> > you can look the password in db links easily from
> > dba_db_links,
>
> I think that one has been fixed since V8.0?

I don't see any version of Oracle where dba_db_links has password. Maybe he was thinking of sys.link$, which still has password as of 9.0.1. There's been a feature enhancement request to tighten this security for a while.

> realized it. Database security in most cases is run by amateurs. Last
> time I hacked the system password for a DB2 database, it took me 30
> minutes to get in! Probably take me less with Oracle, but then I know it
> a lot better than I know DB2. It's a sad state of affairs, but it's

How do you get the system password? Care to elaborate? Hey, I want to be a hacker!

By the way, I always grant select_catalog_role to ever account a human could log in. Unfortunately, few if any of our developers know how to use those views. (Note that I say select_catalog_role, not select any table)

The DBAs that are afraid of granting permission to look at v$ views are more likely Windows, not UNIX, Oracle DBAs. I feel that people working in the UNIX world are more willing to open up. That's my impression. No proof.

Yong Huang Received on Sun Jun 16 2002 - 12:16:43 CDT