Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Restricting user access to a database?

Re: Restricting user access to a database?

From: Pete Finnigan <pete_at_petefinnigan.com>
Date: Tue, 22 Jul 2003 10:21:26 +0100
Message-ID: <bzqaBBBWIQH$Ew97@peterfinnigan.demon.co.uk> 





Hi Quarkman,



<snip>


> It is also (I hate to use this word!!) unbreakable, in the 

>sense that there's no way around this: there's no password to discover, and 

>the policy is an integral part of the table, so it can never be ducked 

>around. 



</snip>



It is not totally secure!, any user with the privilege EXEMPT ACCESS
POLICY and sys do not get the same predicate generated, i.e they can
bypass RLS. Also although I have not looked into it myself Jonathan once
suggested to me that RLS can be broken with autonomous transactions. I
would say nothing is unbreakable!.



kind regards



Pete

-- 
Pete Finnigan
email:pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.


Received on Tue Jul 22 2003 - 04:21:26 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US