RE: OEM permissions
I believe the point is not that you can create links to SYS or SYSTEM accounts, but instead to application accounts, e.g. if I created a link from my private database to the company's HR database using a duplicated HR_MANAGER schema, I may be able to access data that I otherwise should not have. -- Tom Thomas A. La Porte, DreamWorks SKG <mailto:[EMAIL PROTECTED]> On Sat, 20 Dec 2003, Yong Huang wrote: >Hi, > >I think you're describing a real security hole. But I'm not sure how it's >exploited exactly. Let's say John Doe sets up his database on his desktop, >which is part of the production database network. He sees the hash value of >SYSTEM's password on production and sets the hash value for his own SYSTEM user >to be the same. Since now he doesn't know the clear text password for SYSTEM >(Pete Finnigan may know how to find it, though), he can't easily create a >private database link owned by SYSTEM. He can still create a public link, or a >private link owned by somebody else, his SYS user e.g. Then what? > >(He can still create a link owned by SYSTEM from another account such as SYS >using a little bit hacking. But he won't know SYSTEM's password. I don't know >how security of the production database is compromised in any way) > >Yong Huang > >you wrote: > >Maybe I'm a being a bit touchy here; but it seems that my comments about >having access to dba_users went completely unnoticed. Let's put it this >way: There is NO WAY you can prevent somebody from setting up their own >private oracle instance. It they have access to dba_users in your database, >they can create the SAME users with the SAME passwords in their private >database. And they can create database links in their private database. > >Now, is this a problem? > >__ >Do you Yahoo!? >New Yahoo! Photos - easier uploading and sharing. >http://photos.yahoo.com/ > -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Thomas A. La Porte INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: Where are my trace files going?
Though I'm intrigued by (2), I'm humbled by the missing (3) option which you did not consider. That is that *I* had one too many 0's in my trace event: it's 10046, not 100046! Your post pointed out my typo, many thanks. Serves me right for cutting and pasting into different sessions, so that I could perpetuate my mistake in order to convince myself that something really mysterious was going on! -- Tom Thomas A. La Porte, DreamWorks SKG <mailto:[EMAIL PROTECTED]> On Mon, 1 Dec 2003, Mladen Gogala wrote: >There are two possibilities: >1) You are hitting a well known bug which doesn't allow you to turn > on 10046 by using set_ev or alter session. The only way to actually do > it is to use oradebug. >2) Your trace files are with Saddam Hussein. -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Thomas A. La Porte INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Where are my trace files going?
Environment: Oracle 8.1.7.4 on RedHat AS2.1 I'm in the process of preparing to convert a 90M row table from heap-organized to index organized. I think I've pretty well got a formula for doing the actual table conversion. It's a very basic table, four NUMBER columns, with a PK on the first two. I'm planning to extract the data to a sorted, comma-delimited flat file, then using SQL Loader with direct path to do the import. On a 2.8GHz 2-way Linux box, that process is taking me about 30 minutes. Building two additional indexes on that table after the data has been loaded is taking anywhere from 30 minutes up to three hours. I'm trying to determine why there is a wide variation in the performance of the index build operation by tracing the session, however, I can't seem to generate a trace file! I can run the 'alter session' to get a 100046 trace, but no file is created in my user_dump_dest (nor, for that matter, is it being created in my background_dump_dest, core_dump_dest, or any place else on the local machine as best as I can tell). I've run these traces before in other instances on the same machine, and I don't believe that there is a file ownership or permissions problem anywhere in the mix. Does anyone have any thoughts on where my trace file is going, if it is going anywhere? Or how to determine why I'm not generating a trace file? Any thoughts or pointers are greatly appreciated. -- Tom Thomas A. La Porte, DreamWorks SKG <mailto:[EMAIL PROTECTED]> -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Thomas A. La Porte INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Create Rule
Hamid, In that case, I think the suggestion made earlier to use the Virtual Private Database functionality is the best solution. http://download-west.oracle.com/docs/cd/B10501_01/appdev.920/a96590/adgsec02.htm#1009919 -- Tom Thomas A. La Porte, DreamWorks SKG <mailto:[EMAIL PROTECTED]> On Fri, 14 Nov 2003, Hamid Alavi wrote: >So in this case I have to Create 50 Views, I am looking for some sort of >common rule the apply it for all of these 50 tables. > > >-Original Message- >Sent: Friday, November 14, 2003 12:24 PM >To: Multiple recipients of list ORACLE-L > > >Hamid, > >Create a view on top of the table and apply the where clause in the view. >Only give the view to the application folks - not the base table itself. > >create or replace view my_view as >select * from some_table >where sysdate between effective date & end date; > >How about that?? > >Tom Mercadante >Oracle Certified Professional > > >-Original Message- >Sent: Friday, November 14, 2003 3:14 PM >To: Multiple recipients of list ORACLE-L > > >NO I mean these tables always filtered even if some body run a query like >this: >select * from table1 -- >> return the all the records where the >sysdate between effective date & end date > >-Original Message- >Sent: Friday, November 14, 2003 9:59 AM >To: Multiple recipients of list ORACLE-L > > >you answered your own question ... > >select * >from my_table >where trunc(sysdate) between trunc(eff_date) and trunc(end_date) >/ > >Raj > > >Rajendra dot Jamadagni at nospamespn dot com >All Views expressed in this email are strictly personal. >QOTD: Any clod can have facts, having an opinion is an art ! > > >-Original Message- >Sent: Friday, November 14, 2003 12:49 PM >To: Multiple recipients of list ORACLE-L > > >List, > >I have 50 lookup tables and all of them have effective date & end date I >want to create a rule or some thing like this which any select statement >select the data from these lookup where the sysdate between effective date & >end date. >Example: > >select * from table1 ( always select those records where sysdate between >effective date & end date). >Any Idea? > >Thanks, > >Hamid Alavi > >Office : 818-737-0526 >Cell phone : 818-416-5095 > > -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Thomas A. La Porte INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
