Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Oracle 9i and Release 2

Re: Oracle 9i and Release 2

From: Vladimir M. Zakharychev <bob_at_dpsp-yes.com>
Date: Mon, 16 Sep 2002 13:42:04 +0400
Message-ID: <am4922$mqt$1@babylon.agtel.net>


Unless you patched it to at least 9.0.1.3, there are a lot of serious bugs in it (and particularly a huge and highly desctructive security hole that allows any user with just 'create session' privilege so that he can connect to the db and nothing else, to select and even modify (delete) *any* data in *any* schema, including data dictionary.)

--
Vladimir Zakharychev (bob@dpsp-yes.com)                http://www.dpsp-yes.com
Dynamic PSP(tm) - the first true RAD toolkit for Oracle-based internet applications.
All opinions are mine and do not necessarily go in line with those of my employer.


"Jurgen Lindt" <nospam_at_nospam.com> wrote in message
news:nPdh9.31540$jG2.2362890_at_bgtnsc05-news.ops.worldnet.att.net...

> Thanks Adrian for letting me know. I think I'll take the time to download
> it from work and burn it on CD-ROM. I do have the original Oracle 9i
> Release and it *seems* to work OK.
>
> Thanks again.
>
> JL
>
>
Received on Mon Sep 16 2002 - 04:42:04 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US