Re: Security issues in granting v$view select privileges

  • From: Vladimir Andreev <vandreev@xxxxxxxxx>
  • To: Jed_Walker@xxxxxxxxxxxxxxxxx
  • Date: Thu, 25 Nov 2010 13:42:03 +0100

On Sat, Nov 20, 2010 at 20:31, Walker, Jed S
<Jed_Walker@xxxxxxxxxxxxxxxxx> wrote:

>  Let me clarify. We aren’t opposed to giving out the access, in fact, we
> believe it will be very beneficial. What we want to figure out is if there
> are any things in there we shouldn’t be granting out.
>

Well, that depends. V$SQL can be problematic if your application uses
literals that expose sensitive production data, along the lines of
    insert into transactions(ccard,amount) values ('40000', 42);
Same problem with V$SQL_BIND_CAPTURE when using bind variables.
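
A pre-grant review of the two views named in the reply above, as an added example that is not part of the original post: it reports where the shared pool currently holds literal or captured bind values, without printing the bind values themselves. The cursor-count threshold, the five-digit pattern and the excluded schemas are assumptions to tune per system.

```sql
-- Added example: run as a user that can already read the V$ views,
-- before granting SELECT on them to a wider audience.

-- 1. Statements that differ only in their literals share one
--    FORCE_MATCHING_SIGNATURE. Many cursors under one signature means the
--    application builds SQL with literals, so V$SQL.SQL_TEXT carries data.
SELECT parsing_schema_name,
       force_matching_signature,
       COUNT(*)    AS cursor_count,
       MIN(sql_id) AS sample_sql_id
FROM   v$sql
WHERE  force_matching_signature <> 0
GROUP  BY parsing_schema_name, force_matching_signature
HAVING COUNT(*) >= 10                 -- assumed threshold
ORDER  BY cursor_count DESC;

-- 2. Cursors whose text contains a quoted run of digits, the shape of the
--    '40000' literal in the post. Only the start of the text is shown so the
--    reviewer can identify the statement.
SELECT sql_id,
       parsing_schema_name,
       SUBSTR(sql_text, 1, 120) AS sql_text_start
FROM   v$sql
WHERE  REGEXP_LIKE(sql_text, '''[0-9]{5,}''')   -- assumed pattern
AND    parsing_schema_name NOT IN ('SYS', 'SYSTEM');

-- 3. Bind variables whose values have been captured. VALUE_STRING is tested
--    but deliberately not selected, so the report itself does not leak data.
SELECT s.parsing_schema_name,
       b.sql_id,
       b.name            AS bind_name,
       b.datatype_string,
       MAX(b.last_captured) AS last_captured
FROM   v$sql_bind_capture b
JOIN   v$sql s
       ON  s.sql_id       = b.sql_id
       AND s.child_number = b.child_number
WHERE  b.value_string IS NOT NULL
AND    s.parsing_schema_name NOT IN ('SYS', 'SYSTEM')
GROUP  BY s.parsing_schema_name, b.sql_id, b.name, b.datatype_string
ORDER  BY last_captured DESC;
```

Rows from any of the three queries identify the schemas and statements to review before the grant is made.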
