Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Oracle 8i Security

From: jonz () NETRAIL NET (Jonathan A. Zdziarski)
Date: Tue, 2 Nov 1999 12:54:35 -0500

This is probably present in other versions of Oracle as well, but I
noticed when fatfingering a table that if you try to create a referrential
integrity constraint on someone else's table, it presents the user with a
little too much information.  If the table does not exist in the other
user's schema, you get an 'ORA-00924: table or view does not exist',
however if the table exists and you don't have permission to reference it,
you get a different error (something similar to 'invalid access').

This can be used to find out what tables another schema owns without
having access to.  It's not a big deal for our implementation, but it
could be on others.

Thank you,

Jonathan A. Zdziarski
Sr. Systems Administrator
Netrail, inc.
888.NET.RAIL x240
http://www.netrail.net
Previous By Date Next
Previous By Thread Next

Current thread: