Could you kindly ask him what security risk there is in granting that
role? What view should not be exposed in his opinion? I'm willing to
listen.
The only view I know that select_catalog_role can see and that contains passwords is user_db_links (8i Documentation says all_db_links also has a password column; not true!). I guess the logic is that it's OK to see the password in user_db_links because you created it earlier anyway. It'll be a problem if multiple users log in to this account and one user doesn't want the others to know the password.
Yong Huang
Charlie3101_at_hotmail.com (Charlie Edwards) wrote in message news:<db479d88.0206180052.5546ec_at_posting.google.com>...
> Well I asked my DBA for SELECT_CATALOG_ROLE and this is the
> (paraphrased) reply I got ...
>
> "There is certainly a security issue with SELECT_CATALOG_ROLE so
> access to this will not be granted.
>
> I have granted access to all those v$ views that I considered useful
> for application tuning and did not compromise database security.
>
> If access is to be granted to any other v$ views then their usefulness
> to application tuning will need demonstrating to me and I will need to
> satisfy myself they pose no security risks"
Received on Tue Jun 18 2002 - 12:34:59 CDT