Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: PL/SQL Package Execution Privileges

Re: PL/SQL Package Execution Privileges

From: Jeremy Ovenden <newspostings_at_hazelweb.co.uk>
Date: Thu, 6 Feb 2003 18:15:59 -0000
Message-ID: <MPG.18acb6be201c756f9896b4@news.cis.dfn.de> 





In article <ch754vkiah45q4r9765ofbft19rcd9hcgd_at_4ax.com>, 
gooiditweg_at_nospam.demon.nl says...


> On Thu, 6 Feb 2003 16:28:27 -0000, Jeremy Ovenden

> <newspostings_at_hazelweb.co.uk> wrote:

> 

> >Question: if there is enough info here, how should I set this up? There 

> >are some users in the system that need to be able to change the 

> >passwords of other users (i.e. to reset them in the event of the user 

> >forgetting them). This is a web-based application using pl/sql toolkit.

> 

> 

> You should NOT set this up, unless you want to build applications

> which are vulnerable for attacks.

> 




This is the sort of response I anticipated. I feel that it is a 
potentially serious hole that is opened up. If there was a safe way to 
do it (for example a given class of users identified by Role R1 being 
able to alter the passwords of any users with Role R2 or somesuch....)



It is not essential and if it is risky then will be shelved!



Thanks for your input.



cheers



-- 

jeremy


Received on Thu Feb 06 2003 - 12:15:59 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US