Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Oracle 9i DB Security Hole

Re: Oracle 9i DB Security Hole

From: Connor McDonald <connor_mcdonald_at_yahoo.com>
Date: Thu, 18 Apr 2002 21:49:04 +0100
Message-ID: <3CBF3140.2124@yahoo.com> 





Niall Litchfield wrote:


> 

> "Jonathan Lewis" <jonathan_at_jlcomp.demon.co.uk> wrote in message

> news:1019148031.14139.0.nnrp-14.9e984b29_at_news.demon.co.uk...

> >

> > I think that your judgement on this case may

> > be a bit harsh.  Given that it took about 24 hours

> > for the patch to appear from the moment the

> > post hit the newsgroup, it clearly wasn't a case

> > of:

> >     "It's too difficult / dangerous / expensive to fix,

> >     let's hope no-one else notices before 9.2"

> 

> I'd say that Oracles reaction once they realized the problem was real and

> serious has been excellent. As someone who has also to support other vendors

> products where we often get a delay before patch availability and oftentimes

> several patches for the same problem. That all said I do feel that a bug of

> this seriousness shouldn't have slipped through QA. I have some sympathy too

> for the metalink analyst(s?) who missed the significance of what they were

> seeing. that is all to easy to do especially in a front line support

> environment.

> 

> --

> Niall Litchfield

> Oracle DBA

> Audit Commission UK




Agreed.  My only criticism is that they bug has now gone from
'published' to 'unpublished'.  I applaud the speed at which they
backported the patch...I'm not so sure about the coverup..



Cheers


Connor

-- 
==============================
Connor McDonald

http://www.oracledba.co.uk

"Some days you're the pigeon, some days you're the statue..."


Received on Thu Apr 18 2002 - 15:49:04 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US