Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: PL/SQL Package Execution Privileges
On Thu, 6 Feb 2003 16:28:27 -0000, Jeremy Ovenden
<newspostings_at_hazelweb.co.uk> wrote:
>Question: if there is enough info here, how should I set this up? There
>are some users in the system that need to be able to change the
>passwords of other users (i.e. to reset them in the event of the user
>forgetting them). This is a web-based application using pl/sql toolkit.
You should NOT set this up, unless you want to build applications which are vulnerable for attacks.
It is also not possible to do something for which you don't have the
privilege. You can get around it, but you will end up using much more
powerful backdoors.
And you state it is a web-based application. I guess in my company I
would even propose that, I would be at least frowned upon and get a
bad reputation.
Sybrand Bakker, Senior Oracle DBA
To reply remove -verwijderdit from my e-mail address Received on Thu Feb 06 2003 - 11:43:42 CST