Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: how to group synonyms ?
ctcgag_at_hotmail.com wrote:
> Daniel Morgan <damorgan_at_x.washington.edu> wrote:
>
>>>now, what about plugging the ALL_USERS hole? >>> >>>-- Mark Stock >> >>That is, in my opinion, one of the biggest holes in the Oracle security >>architecture. The system denies knowledge about schemas and objects but >>not users. Why? No good reason I am sure.
The knowledge that a table exists gives you two pieces of information. The name of the object and the name of the schema. The name of the schema is a source of attack in that quite likely I also know which applications are on which servers and it all provides even more avenues for attack.
-- Daniel Morgan http://www.outreach.washington.edu/ext/certificates/oad/oad_crs.asp http://www.outreach.washington.edu/ext/certificates/aoa/aoa_crs.asp damorgan_at_x.washington.edu (replace 'x' with a 'u' to reply)Received on Sat Nov 29 2003 - 15:57:39 CST