This is fixed in 9.0.1.3. I have verified it.
-Original Message-
Sent: Wednesday, July 03, 2002 12:43 PM
To: Multiple recipients of list ORACLE-L
Cutting and pasting from an old post: by Jonathan Lewis:
The upshot of it seems to be that anyone who can get an sql session can look
at
a
Cutting and pasting from an old post: by Jonathan Lewis:
The upshot of it seems to be that anyone who can get an sql session can look at
any data, and given 'create view' as well can change data at will. You may be
able to use the database in production, but only if your users can't access it
Gelco Information Network
Connor
McDonald To: Multiple recipients of list
ORACLE-L <[EMAIL PROTECTED]>
Subject: RE: Upgrade from 9.0.1.2 -
NOPE!
Sent by:
[EMA
McDonald To: Multiple recipients of list ORACLE-L
<[EMAIL PROTECTED]>
Subject: RE: Upgrade from 9.0.1.2 - NOPE!
S
I'm pretty sure this has not been done...
NOBODY(!) should be on 9012 in production - unless
you're happy with zero security. As well as the
reading-anything as Ian points out, with a little bit
of playing around its also possible to destroy any
data in the database (since a view is updatable if
Did Oracle back port the patch to fix the ANSI-style jonn bug to 9.0.1.2? This bug
allows one to read any table in the database despite the permission set.
Ian MacGregor
Stanford Linear Accelerator Center
[EMAIL PROTECTED]
-Original Message-
Sent: Tuesday, July 02, 2002 8:23 AM
To: Mult
