security bug found

When you're logged in as a DBA (system for example) and you use the browser tree, and expand:

USERS->a specific user->objects->Tables->a table

and you view the properties of the table, you do not see all the grants.

This is a huge security issue, as I may not see grants to that table, and assume wrongly that no-one should be able to write to that table.
 
NOTE that even opening the privileges on the user does not show the tables.

I just found out that this is because I have unchecked "Use dba views if available".

So you should add some kind of warning into those pages, when this option is unchecked.
 
I think you need more like a warning.

because I knew about this option, and I had to uncheck it for some connections. But I had forgotten, and I did not know about this little side effect.
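
Added example, not part of the original posts and not the tool's own queries: a cross-check of a table's grants taken straight from the data dictionary. It assumes an Oracle database and that the tool reads the ALL_* dictionary views when "Use dba views if available" is unchecked; `APP_OWNER` and `ORDERS` are placeholder names.

```sql
-- Placeholders (constructed): APP_OWNER = schema that owns the table,
-- ORDERS = table under review. Run as an account that can read
-- DBA_TAB_PRIVS (for example SYSTEM).

-- 1. Complete list of object grants on the table, from the DBA view.
SELECT grantee, privilege, grantable, grantor
FROM   dba_tab_privs
WHERE  owner      = 'APP_OWNER'
AND    table_name = 'ORDERS'
ORDER  BY grantee, privilege;

-- 2. Grants that exist but are NOT returned by ALL_TAB_PRIVS for this session.
--    ALL_TAB_PRIVS only lists grants where the current user is the owner,
--    grantor or grantee, or where PUBLIC or an enabled role is the grantee,
--    so a DBA session can miss grants between two other users.
SELECT d.grantee,
       d.privilege,
       d.grantor,
       CASE WHEN d.privilege IN ('INSERT', 'UPDATE', 'DELETE', 'ALTER')
            THEN 'YES' ELSE 'NO' END AS can_modify
FROM   dba_tab_privs d
WHERE  d.owner      = 'APP_OWNER'
AND    d.table_name = 'ORDERS'
AND    NOT EXISTS (
         SELECT 1
         FROM   all_tab_privs a
         WHERE  a.table_schema = d.owner      -- ALL_TAB_PRIVS names this column TABLE_SCHEMA
         AND    a.table_name   = d.table_name
         AND    a.grantee      = d.grantee
         AND    a.grantor      = d.grantor
         AND    a.privilege    = d.privilege)
ORDER  BY can_modify DESC, d.grantee, d.privilege;

-- 3. Column-level grants are stored separately and are worth checking too.
SELECT grantee, column_name, privilege, grantor
FROM   dba_col_privs
WHERE  owner      = 'APP_OWNER'
AND    table_name = 'ORDERS'
ORDER  BY grantee, column_name;
```

Any row returned by the second query is a grant that a privilege review based only on the ALL_* views would not have shown.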
 