HTML DB v 1.5 security loophole

From: Mark C. Stock <mcstockX_at_Xenquery>
Date: Fri, 12 Aug 2005 17:52:01 -0400
Message-ID: <lcmdnXYeyJCZh2DfRVn-og_at_comcast.com>

It appears that with HTML DB v 1.5, anyone that has ADMIN privileges on the INTERNAL workspace can get access to every schema in the database (except apparently SYS).

I understand this has been fixed in 1.6 and improved in 2.0, but I've not had a chance to check it out in either of those versions.

Has anybody else encountered this?

++ mcs Received on Fri Aug 12 2005 - 23:52:01 CEST

This message: [ Message body ]
Next message: James Kelly: "Re: ORA-00911: invalid character when executing INSERT statement with ; in TOAD"
Previous message: Malcolm Dew-Jones: "Re: ORA-00911: invalid character when executing INSERT statement with ; in TOAD"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message