Re: Undocumented features

From: L Carl Pedersen <l.carl.pedersen_at_dartmouth.edu>
Date: Wed, 25 Jan 1995 21:41:41 -0500
Message-ID: <l.carl.pedersen-2501952141420001_at_kip-2-sn-30.dartmouth.edu>


In article <3g6l6g$quo_at_dcsun4.us.oracle.com>, rmanalac_at_oracle.com wrote:

>lsd_at_quay.ie (Liam Dwan) writes:
>|> Are you saying that my Oracle DB contains hidden logic bombs and all that
>|> it requires is for the office monkey to come up with the right combination
>|> of key strokes and then WIPEOUT. Sounds like you're playing the company
>|> secret game a bit too seriously.
>
>That would be a great exaggeration. That is not to say that there are not
>a set of events and actions that one can do to damage a key block in the
>database. In general, you are at a much higher risk of someone accidentally
>dropping an important table, overwriting a datafile, or issuing a
>bogus mass update than you are of someone setting a set of events and
>undocumented init.ora parameters to the right values and performing some
>dba activities that could potentially do major damage to a database.
>Operative phrase being DBA intervention.
>
>Still, it is in general unwise to try to take advantage of things that are
>unsupported, undocumented, subject to change without notice, not well
>understood, etc... That would be true of any piece of software or hardware
>not just Oracle.
>
>Roderick Manalac
>Oracle Corporation
>
>DISCLAIMER: I speak for myself not my company.

ignorance is not security.

if there is a sequence of commands documented or otherwise that can be used by a non-dba to harm the database or violate security, that's a bug.

i know there HAVE been bugs like this. i'd like to think there aren't any now, but i don't know for sure and the fact that there are a lot of undocumented commands doesn't make me sleep any easier.

Received on Thu Jan 26 1995 - 03:41:41 CET
