Re: Why are people so afraid of underscore parameters ?
Thomas Kyte <tkyte_at_oracle.com> wrote in message news:<ak60ht02k5d_at_drn.newsguy.com>...
> (in fact, I can show you a truly big problem with _trace_files_public, security
> and another undocumented but seemingly innocent event that can be set at the
> session level -- just need _trace_files_public to be set and ALTER SESSION privs
> and I can get some pretty neat information)
Hi, Tom,
Out of curiosity, what event is that, suppose the user has alter session privilege?
By the way, I don't always grant alter session to all users. But I always grant select_catalog_role to whoever asks. Without alter session but with _trace_files_public set to true, all trace files are world-readable. Is that a problem? I would say, ideally, developers can use a "read only" account on the production box to make their development easier. That account only has create session privilege and select_catalog_role, plus some select on XXX table privileges. With _trace_files_public being true, they can also see what errors the database generates (as well as trace files DBAs manually create). I'm willing to open rather than close the database as much as possible, just as UNIX opens /var/adm/messages and most files under /etc world-readable. If security is really a concern, don't even allow SQL connection to the database, just as you don't allow UNIX shell access to a production UNIX box.
Yong Huang
Received on Sun Aug 25 2002 - 18:21:11 CDT
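The post above turns on trace files becoming world-readable when `_trace_files_public` is true. The following audit script is an added example, not part of the original thread: it lists trace files that carry the other-read bit and reports whether the directory lets other local accounts reach them. It assumes trace files end in `.trc` and that the dump directory path is passed as the first argument; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a trace dump directory for files readable by "other".
# Assumptions: trace files end in .trc; the directory is given as $1.

# Print every *.trc file under $1 whose mode has the other-read bit set.
world_readable_traces() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" -type f -name '*.trc' -perm -004 -print
}

# Return 0 if nothing is world-readable, 1 if something is, 2 on bad input.
# Only the top-level directory's search bit is checked, not subdirectories.
audit_trace_dir() {
    dir=$1
    hits=$(world_readable_traces "$dir") || return 2
    if [ -z "$hits" ]; then
        echo "OK: no world-readable trace files in $dir"
        return 0
    fi
    # o+r on a file only matters if others can also search the directory.
    if [ -n "$(find "$dir" -prune -perm -001 -print)" ]; then
        echo "EXPOSED: any local account can read:"
    else
        echo "MASKED: files are o+r but $dir is not searchable by others:"
    fi
    echo "$hits"
    return 1
}

# Run the audit only when a directory argument is supplied.
if [ $# -gt 0 ]; then
    audit_trace_dir "$1"
fi
```

A MASKED result still deserves attention: the files become readable as soon as the directory mode is loosened or the files are copied elsewhere with their modes preserved.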