| Security - Public Objects [message #50210] |
Wed, 06 March 2002 04:51  |
Robson Freitas
Messages: 1
Registered: March 2002
|
Junior Member |
|
|
Hi all,
In my current assignment of Oracle security review, I have noticed that the following tables owned by 'SYS' had 'execute' privilege granted to 'PUBLIC' . This privilege has been granted to the 'public' by default, when Oracle is installed, as I understand. I would like to know, if a general user in the database can make an undue use of this privilege. I would appreciate any one in this list, who had a chance to review this earlier, offer me some info on this.
Thanks and Regards.
|
|
|
|
| Re: Security - Public Objects [message #50236 is a reply to message #50210] |
Wed, 06 March 2002 16:13  |
seng
Messages: 191
Registered: February 2002
|
Senior Member |
|
|
1. I don't whether "EXECUTE" privilege is granted to "PUBLIC" after installation. It is trues as you mention that any privileges grant to "PUBLIC" will automatic grant to all user in database.
However, "EXECUTE" must grant with schema object before the user is allowed to use this privilege. To check the "EXECUTE" . To check the privileges, you can use this
DBA level
select * from dba_tab_privs where privilege = 'EXECUTE'and grantee ='PUBLIC'
ALL level
select * from all_tab_privs where privilege = 'EXECUTE' and grantee ='PUBLIC'
User level
select * from user_tab_privs where privilege = 'EXECUTE'and grantee ='PUBLIC'
The return of this query will tell you "EXECUTE" is
on which object by who and to who.
2. If "EXECUTE ANY PROCEDURE" is granted to "PUBLIC" than you will have security problem because any user is allowed to execute any object.
3. Use "REVOKE" to ungrant the privilege to "PUBLIC" if you find the security leaking in your database.
Hope this is helping. thanks
|
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
