| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: 9iDB Security Hole?
Jonathan Lewis wrote:
>
> In fact, there is a bug, which I couldn't find
> last night - 2121935, dated December 2002 !!!
>
> Any ANSI join is a problem.
>
> But this isn't a reason for avoid ANSI syntax,
> it's a reason for not migrating a production
> system to 9.0.1
>
> --
> Jonathan Lewis
> http://www.jlcomp.demon.co.uk
>
> Author of:
> Practical Oracle 8i: Building Efficient Databases
>
> Next Seminar - Australia - July/August
> http://www.jlcomp.demon.co.uk/seminar.html
>
> Host to The Co-Operative Oracle Users' FAQ
> http://www.jlcomp.demon.co.uk/faq/ind_faq.html
>
> Niall Litchfield wrote in message
> <3cbbd589$0$238$ed9e5944_at_reading.news.pipex.net>...
> >"Daniel Morgan" <damorgan_at_exesolutions.com> wrote in message
> >news:3CBB5EFC.43A50425_at_exesolutions.com...
> >> And no one other than sys should be looking at sys.link$ anyway.
> >
> >This is the whole point of the thread. As described so far the use of LEFT
> >OUTER JOIN in 9i means that any user with create session privilege can look
> >at data from any table that exists in the database.
> >
> >Has someone filed a bug on this yet? This looks like a good reason to avoid
> >the ANSI syntax for a while yet.
> >
Yeh - its not really the bug thats inexcusable, its the December date on the bug...
Pete/Howard - No alert?, no backport? No-one there trying to keep this under the covers are they :-)
-- ============================== Connor McDonald http://www.oracledba.co.uk "Some days you're the pigeon, some days you're the statue..."Received on Tue Apr 16 2002 - 13:47:10 CDT
 |
 |