Certain supplied packages such as dbms_export_extension are flawed; you can inject SQL such as "grant dba to me;" into them and the code will be executed.

Now suppose you are pulling data from a database which includes sensitive information to one that does not via a database link. No sensitive data is accessible; the account on the sensitive database to which the database link connects has no privilege to access the sensitive objects. However, there is a package, I'll call it dbms_flawed, which is exploitable via SQL injection. A user runs dbms_flawed.execute_this@remote_db('grant dba to me'), thereby gaining that privilege, or executes dbms_flawed.execute@remote_db('grant all on trusted_user.confidential_info_table to me'); The controls set up to prevent improper access are bypassed.

The answer is to not allow "me" to execute dbms_flawed. However, there are other packages which might now or someday be exploitable. How are folks handling this? Have you revoked execute privileges from public from all packages, or a certain set of packages (if so, which ones)? Is there a list of packages which have the potential to be exploited?

Revoking privileges can be tricky. Dba_dependencies will find calls from stored procedures, but not anonymous blocks.

Ian MacGregor
Stanford Linear Accelerator Center
ian@xxxxxxxxxxxxxxxxx
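One way to scope the revoke the post asks about, as an added example that is not part of the original message: run as a DBA on the database the link connects to, list the SYS packages that PUBLIC can execute, and count the stored objects that would break if the grant were removed. The package name DBMS_FLAWED is the post's hypothetical and the owner filter is an assumption.

```sql
-- Added example (not from the original post). Requires access to the DBA_ views.

-- 1. SYS-owned packages executable by PUBLIC, with the number of stored
--    objects outside SYS/SYSTEM that depend on each one. Packages with zero
--    dependents are the lowest-risk candidates for a revoke.
SELECT p.owner,
       p.table_name  AS package_name,
       COUNT(d.name) AS dependent_stored_objects
FROM   dba_tab_privs p
       JOIN dba_objects o
         ON  o.owner       = p.owner
         AND o.object_name = p.table_name
         AND o.object_type = 'PACKAGE'
       LEFT JOIN dba_dependencies d
         ON  d.referenced_owner = p.owner
         AND d.referenced_name  = p.table_name
         AND d.referenced_type  = 'PACKAGE'
         AND d.owner NOT IN ('SYS', 'SYSTEM')
WHERE  p.grantee   = 'PUBLIC'
AND    p.privilege = 'EXECUTE'
AND    p.owner     = 'SYS'
GROUP  BY p.owner, p.table_name
ORDER  BY dependent_stored_objects, p.table_name;

-- 2. For one package (hypothetical name from the post), list each dependent
--    so its owner can be given a direct grant before PUBLIC loses access.
--    Anonymous blocks and client-side SQL never appear here, so this list
--    is a lower bound on what a revoke will affect.
SELECT d.owner, d.name, d.type
FROM   dba_dependencies d
WHERE  d.referenced_owner = 'SYS'
AND    d.referenced_name  = 'DBMS_FLAWED'
ORDER  BY d.owner, d.name;

-- 3. Re-grant to the schemas found in step 2, then remove the PUBLIC grant.
--    APP_OWNER is a placeholder schema name.
GRANT  EXECUTE ON sys.dbms_flawed TO app_owner;
REVOKE EXECUTE ON sys.dbms_flawed FROM PUBLIC;
```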