Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Possible SECURITY ERROR ?

Re: Possible SECURITY ERROR ?

From: John Koo <johnkoo_at_i-wave.net>
Date: Sun, 24 Jan 1999 22:14:38 +0800
Message-ID: <78fb50$ej95@news.hk.linkage.net> 





I'tried to on my Oracle 8.05 for Linux but no luck...



John Koo


johnkoo_at_i-wave.net



Isaac Chocron wrote in message <36AB182B.87F0CFB0_at_hadassah.org.il>...


>I have an Oracle 8.04. server on NT.


>


>Everyone can explain me if it is true or is  a terrible bug ?


>


>I have two schemas:    User_a        User_b


>Their passwords are:    Pass_a        Pass_b


>


>User_a has the system privilege:Grant Any Role.


>


>User_a has created a role with this statement:


>    Create role Role_a identified by Test;


>


>User_a has performed this statement:


>    Grant Role_a to User_b identified by test;


>


>The result is ...


>    The password of User_b is Test !!! and not Pass_b.


>


>So User_a has the possibility of change the password of any schema !!!


>


>




Received on Sun Jan 24 1999 - 08:14:38 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US