| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Possible SECURITY ERROR ?
Hi Isaac,
Make sure that the user_a doesn't have the alter user priviliege .
cheers
CHANDRASEKAR
In article <36AB182B.87F0CFB0_at_hadassah.org.il>,
Isaac Chocron <Itshak_at_hadassah.org.il> wrote:
> This is a multi-part message in MIME format.
> --------------D6AC379DE17F206D4F1CE0E9
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 7bit
>
> I have an Oracle 8.04. server on NT.
>
> Everyone can explain me if it is true or is a terrible bug ?
>
> I have two schemas: User_a User_b
> Their passwords are: Pass_a Pass_b
>
> User_a has the system privilege:Grant Any Role.
>
> User_a has created a role with this statement:
> Create role Role_a identified by Test;
>
> User_a has performed this statement:
> Grant Role_a to User_b identified by test;
>
> The result is ...
> The password of User_b is Test !!! and not Pass_b.
>
> So User_a has the possibility of change the password of any schema !!!
>
> --------------D6AC379DE17F206D4F1CE0E9
> Content-Type: text/x-vcard; charset=us-ascii;
> name="Itshak.vcf"
> Content-Transfer-Encoding: 7bit
> Content-Description: Card for Isaac Chocron
> Content-Disposition: attachment;
> filename="Itshak.vcf"
>
> begin:vcard
> n:Chocron;Isaac
> tel;fax:02-6778 393
> tel;work:02-6778 113
> x-mozilla-html:FALSE
> org:Hadassah hospital;Computers
> version:2.1
> email;internet:itshak_at_hadassah.org.il
> title:Project manager on Oracle database
> adr;quoted-printable:;;p.o.b. 12000=0D=0A;Jerusalem;;91120;Israel
> end:vcard
>
> --------------D6AC379DE17F206D4F1CE0E9--
>
>
-----------== Posted via Deja News, The Discussion Network ==---------- http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own Received on Mon Jan 25 1999 - 23:49:14 CST
 |
 |