APEX

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Select privilege on APEX metadata tables

partlycloudyAug 22 2007 — edited Aug 22 2007

APEX version 2.2.1

SELECT * FROM dba_tab_privs
WHERE owner='FLOWS_020200'
AND privilege='SELECT'
AND grantee='PUBLIC'
AND table_name LIKE 'WWV_FLOW%'
AND (owner,table_name) IN (SELECT owner,TABLE_name FROM dba_tables)

Why are these tables visible to everyone?! Some of them even have public synonyms to make accessing them that much easier.

Most of the publicly visible/executable APEX objects like views and APIs have security group id restrictions built into them so that's fine, but having wide-open access like this is a little unusual.

Thoughts?

Locked Post

New comments cannot be posted to this locked post.

Locked on Sep 19 2007

Added on Aug 22 2007

#apex-discussions

10 comments

799 views