Oracle Database Discussions

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

SELECT ANY DICTIONARY

414140Mar 2 2007 — edited Mar 2 2007

Hi all,

Do you have any comments on the following, are they valid and true:

Create view privilege escalation is possible. Any valid database user with read-only access to a table can also modify data from it. One effect of this is that the default 'DBSNMP' user, which has the 'SELECT ANY DICTIONARY' privilege, can change the password for ANY user by directly updating the SYS.USER$ table in the data dictionary.

Thanks in advance for any input.

Locked Post

New comments cannot be posted to this locked post.

Locked on Mar 30 2007

Added on Mar 2 2007

#general-database-discussions

4 comments

1,764 views