Re: capture oracle pwd change in 3rd party application. help needed

Jonathan Lewis wrote:

>Can you expand on your claim.
>
>You seem to be saying that if I grant
>create session to you, you have a method
>of executing a procedure that can only be
>executed by SYS.
>
>I doubt if this is the case, or really what you meant.
>What other conditions would have to be met before
>you could do what you've said ?
>
>
>--
>Regards
>
>Jonathan Lewis
>http://www.jlcomp.demon.co.uk
>
> The educated person is not the person
> who can answer the questions, but the
> person who can question the answers -- T. Schick Jr
>
>
>One-day tutorials:
>http://www.jlcomp.demon.co.uk/tutorial.html
>____Belgium__November (EOUG event - "Troubleshooting")
>____UK_______December (UKOUG conference - "CBO")
>
>
>Three-day seminar:
>see http://www.jlcomp.demon.co.uk/seminar.html
>____UK___November
>
>
>The Co-operative Oracle Users' FAQ
>http://www.jlcomp.demon.co.uk/faq/ind_faq.html
>
>
>"Daniel Morgan" <damorgan_at_x.washington.edu> wrote in message
>news:1068186089.970017_at_yasure...
>
>
>>My objection is that it would take me a matter of minutes to make
>>
>>
>myself
>
>
>>an account on another
>>machine on which I had no permissions. It is a hacker's delight.
>>
>>--
>>Daniel Morgan
>>http://www.outreach.washington.edu/ext/certificates/oad/oad_crs.asp
>>http://www.outreach.washington.edu/ext/certificates/aoa/aoa_crs.asp
>>damorgan_at_x.washington.edu
>>(replace 'x' with a 'u' to reply)
>>
>>
>>

I wasn't reaching that far.

My point was that an account intentionally given on one database would generate an account with
the same name and password on another. It would not necessarily follow that I had any actual
need for the second account or access to whatever data was stored there.

-- 
Daniel Morgan
http://www.outreach.washington.edu/ext/certificates/oad/oad_crs.asp
http://www.outreach.washington.edu/ext/certificates/aoa/aoa_crs.asp
damorgan_at_x.washington.edu
(replace 'x' with a 'u' to reply)