Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: how to group synonyms ?

Re: how to group synonyms ?

From: Daniel Morgan <damorgan_at_x.washington.edu>
Date: Sat, 29 Nov 2003 13:57:39 -0800
Message-ID: <1070143088.684217@yasure> 





ctcgag_at_hotmail.com wrote:



> Daniel Morgan <damorgan_at_x.washington.edu> wrote:

> 


>>>now, what about plugging the ALL_USERS hole?
>>>
>>>-- Mark Stock
>>
>>That is, in my opinion, one of the biggest holes in the Oracle security
>>architecture. The system denies knowledge about schemas and objects but
>>not users. Why? No good reason I am sure.




> 

> 

> I seems especially grevious because even I can figure out how

> knowing the name of a user will assist in hacking.  But for

> the life of me I can't figure out what a bad guy could do with the

> simple knowledge that a table exists.

> 

> Xho




The knowledge that a table exists gives you two pieces of information. 
The name of the object and the name of the schema. The name of the 
schema is a source of attack in that quite likely I also know which 
applications are on which servers and it all provides even more avenues 
for attack.


-- 
Daniel Morgan
http://www.outreach.washington.edu/ext/certificates/oad/oad_crs.asp
http://www.outreach.washington.edu/ext/certificates/aoa/aoa_crs.asp
damorgan_at_x.washington.edu
(replace 'x' with a 'u' to reply)


Received on Sat Nov 29 2003 - 15:57:39 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US