Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Why PUBLIC SYNONYM is bad ?

Re: Why PUBLIC SYNONYM is bad ?

From: Niall Litchfield <n-litchfield_at_audit-commission.gov.uk>
Date: Tue, 18 Jun 2002 09:13:28 +0100
Message-ID: <3d0eeba9$0$237$ed9e5944@reading.news.pipex.net> 





"Daniel Morgan" <dmorgan_at_exesolutions.com> wrote in message
news:3D0E0BC9.CCDA6781_at_exesolutions.com...


> The only security impact I can come up with in regard to public synonyms

is that the


> presence of a synonym does provide some information about the existance of

an object


> the user is not privileged to access. This is different from Oracle's

default


> behavior of denying that an object exists if you don't have access

privileges.


>

> Not a security breach in almost all situations ... but a potential chink

in the armor


> of an application where security is a critical component.




I did think of this as well. However I'm not sure that it is a real risk.



create public synonym emp for scott.emp; does give some information away



create public synonym staff_details for scott.emp; doesn't.



--
Niall Litchfield
Oracle DBA
Audit Commission UK
*****************************************
Please include version and platform
and SQL where applicable
It makes life easier and increases the
likelihood of a good answer

******************************************


Received on Tue Jun 18 2002 - 03:13:28 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US