Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Oracle 9i DB Security Hole

Re: Oracle 9i DB Security Hole

From: Sybrand Bakker <postbus_at_sybrandb.demon.nl>
Date: Wed, 17 Apr 2002 19:07:26 +0200
Message-ID: <1narbuk2gjavmj0teisiforv7r3o24u9p9@4ax.com> 





On 17 Apr 2002 09:37:18 -0700, mfowler_at_dot.co.pima.az.us (m. fowler)
wrote:



>I think the 'bug' can be summarized thus:  any user has read/write

>access to the data dictionary and any other user data.  This can be

>rephrased like this: there is no security within the 9.0.1 database. 

>The implications of this would seem to be rather profound.





any user has read/write


access to the data dictionary



So what? Do you know of any other mechanism in Oracle to update the
dictionary for you?




and any other user data ....


there is no security within the 9.0.1 database. 



Could you please provide at least *some* proof? Obviously you can't.



And if you can demonstrate this, why don't you get in touch with
Oracle on this issue? Or do you prefer to flame Oracle in public? That
would make you a coward, don't you think?
Or do you just like to be sued by Oracle for spreading such slander?



--
Regards



Sybrand Bakker, Senior Oracle DBA

To reply remove -verwijderdit from my e-mail address


Received on Wed Apr 17 2002 - 12:07:26 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US