Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Why PUBLIC SYNONYM is bad ?
"Daniel Morgan" <dmorgan_at_exesolutions.com> wrote in message
news:3D0E0BC9.CCDA6781_at_exesolutions.com...
> The only security impact I can come up with in regard to public synonyms
is that the
> presence of a synonym does provide some information about the existance of
an object
> the user is not privileged to access. This is different from Oracle's
default
> behavior of denying that an object exists if you don't have access
privileges.
>
> Not a security breach in almost all situations ... but a potential chink
in the armor
> of an application where security is a critical component.
I did think of this as well. However I'm not sure that it is a real risk.
create public synonym emp for scott.emp; does give some information away
create public synonym staff_details for scott.emp; doesn't.
-- Niall Litchfield Oracle DBA Audit Commission UK ***************************************** Please include version and platform and SQL where applicable It makes life easier and increases the likelihood of a good answer ******************************************Received on Tue Jun 18 2002 - 03:13:28 CDT