Re: PUBLIC privileges on XDB$ACL
- From: David Fitzjarrell <oratune@xxxxxxxxx>
- To: "david@xxxxxxxxxxxxxxxxxxxx" <david@xxxxxxxxxxxxxxxxxxxx>, "oracle-l@xxxxxxxxxxxxx" <oracle-l@xxxxxxxxxxxxx>
- Date: Thu, 19 Jul 2012 06:51:01 -0700 (PDT)
I see no such grant in catqm.sql in 10.2 or 11.2; I expect that this was
version 9 behavior and was corrected in later releases to close possible
security holes. I do not have a 10.1 installation to check.
David Fitzjarrell
________________________________
From: "david@xxxxxxxxxxxxxxxxxxxx" <david@xxxxxxxxxxxxxxxxxxxx>
To: oracle-l@xxxxxxxxxxxxx
Sent: Wednesday, July 18, 2012 8:31 PM
Subject: PUBLIC privileges on XDB$ACL
Hey all,
I'm trying to track down the source of a overly permissive privilege issue
on XDB$ACL. At about Oracle 9.2 when Oracle XML Database is installed it
seems catqm.sql (or one of its sub-scripts) executed
"grant all on XDB.XDB$ACL to public"
Current version of Oracle don't, but I'm trying to work out if earlier or
later versions also did this too. Any help would be very much appreciated!
Thanks,
David
--
//www.freelists.org/webpage/oracle-l
--
//www.freelists.org/webpage/oracle-l
Other related posts:
