Re: Comments Requested About Granting an "ANY" privilege

From: sybrandb <sybrandb_at_gmail.com>
Date: Wed, 23 Apr 2008 01:44:20 -0700 (PDT)
Message-ID: <bbf2ff2c-9bb2-4d51-b4af-7bbdaf940cf3@t63g2000hsf.googlegroups.com>

On Apr 23, 1:47�am, "Dereck L. Dietz" <diet..._at_ameritech.net> wrote:
> Oracle 10g 10.2.0.3.0
>
> Perusing the database where I work I've noticed that, among other things,
> the following privileges have been granted as a general rule to all users:
>
> 1. � �select any dictionary
> 2. � �select any sequence
> 3. � �select any table
> 4. � �select any transaction
>
> Just requesting comments on granting any privilege with the word "ANY" in
> it.
>
> Thanks.

This demonstrates people who granted this privilege were too lazy to find out which privileges were really required. Those people should be shown to the door of unemployment, as they render databases unsecure.
Remember most threats do not come from the outside, but from within.

--
Sybrand Bakker
Senior Oracle DBA

Received on Wed Apr 23 2008 - 03:44:20 CDT

This message: [ Message body ]
Next message: yossarian: "Re: Anybody experimenting with Symfony?"
Previous message: sybrandb: "Re: Cannot connect to Oracle 10g database"
In reply to: Dereck L. Dietz: "Comments Requested About Granting an "ANY" privilege"
Next in thread: Mark D Powell: "Re: Comments Requested About Granting an "ANY" privilege"
Reply: Mark D Powell: "Re: Comments Requested About Granting an "ANY" privilege"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message