Oracle FAQ Your Portal to the Oracle Knowledge Grid


Re: Why PUBLIC SYNONYM is bad ?

From: Daniel Morgan <dmorgan_at_exesolutions.com>
Date: Mon, 17 Jun 2002 16:18:32 GMT
Message-ID: <3D0E0BC9.CCDA6781@exesolutions.com>


Thomas Kyte wrote:

> In article <3D0D25A3.FD16FCC7_at_noos.fr>, cava123 says...
> >
> >Thank You Yong, but is there any security impact with public or private synonyms?
> >
>
> none, period -- zero, zippo.
>
> if you cannot access the underlying object, a synonym won't help you.
>
> >Yong Huang a écrit :
> >
> >>Nuno Souto <nsouto_at_optushome.com.au.nospam> wrote in message
> >>news:<3d0bfd7e$0$28008$afc38c87_at_news.optusnet.com.au>...
> >> >
> >> > For some good text stuff on public synonyms and their performance impact,
> >> > see Steve Adam's site: www.ixora.com.au
> >> > There is a section on newsletters and IIRC the synonym stuff is in one of
> >> > them.
> >>
> >> It's here:
> >> http://www.ixora.com.au/newsletter/2001_05.htm#synonyms
> >>
> >> Steve shows that synonyms, particularly public synonyms, are indeed
> >> bad in terms of CPU usage. But he said at the beginning "the best way
> >> to refute such scepticism [i.e. synonyms are bad] is with a
> >> reproducible test", as if his following test would show otherwise.
> >>
> >> Yong Huang
> >
>
> --
> Thomas Kyte (tkyte@oracle.com) http://asktom.oracle.com/
> Expert one on one Oracle, programming techniques and solutions for Oracle.
> http://www.amazon.com/exec/obidos/ASIN/1861004826/
> Opinions are mine and do not necessarily reflect those of Oracle Corp

The only security impact I can come up with in regard to public synonyms is that the presence of a synonym does provide some information about the existence of an object the user is not privileged to access. This is different from Oracle's default behavior of denying that an object exists if you don't have access privileges.

Not a security breach in almost all situations ... but a potential chink in the armor of an application where security is a critical component.

Daniel Morgan

Received on Mon Jun 17 2002 - 11:18:32 CDT
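An audit query for the exposure described in the message above, added here as an example and not part of the original thread: it lists public synonyms whose target object has no object privilege granted to PUBLIC, so the name is published to every session while the object is not usable by every session. It assumes SELECT access to the DBA_ dictionary views; the schema exclusion list is a placeholder to extend per site, and system privileges and role grants are not considered.

```sql
-- Added example (not from the original post).
-- Public synonyms that name an object which is NOT granted to PUBLIC.
-- Each row is an object name visible through a public synonym even to
-- users who hold no privilege on the object itself.
SELECT s.synonym_name,
       s.table_owner,
       s.table_name,
       o.object_type
FROM   dba_synonyms s
       JOIN dba_objects o
         ON  o.owner       = s.table_owner
         AND o.object_name = s.table_name
WHERE  s.owner = 'PUBLIC'
AND    s.db_link IS NULL                        -- local targets only
AND    s.table_owner NOT IN ('SYS', 'SYSTEM')   -- assumption: skip Oracle-supplied schemas
AND    o.object_type IN ('TABLE', 'VIEW', 'SEQUENCE',
                         'PROCEDURE', 'FUNCTION', 'PACKAGE')
AND    NOT EXISTS (
         SELECT 1
         FROM   dba_tab_privs p
         WHERE  p.grantee    = 'PUBLIC'
         AND    p.owner      = s.table_owner
         AND    p.table_name = s.table_name
       )
ORDER  BY s.table_owner, s.table_name;
```

Rows returned are candidates for replacing the public synonym with private synonyms created only in the schemas of users who are granted access.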
