Oracle Magazine, July/August 2017
    hr.show_employees (10);
    END;

    Employees in Department 10
    Whalen JWHALEN@MY_COMPANY.COM

Now users can access the employee information appropriate to them, but I have not provided any other opportunities to access the employees table. I have, in other words, kept the attack surface (the number of points through which an unauthorized user can try to get at the table) to a minimum.

AVOIDING PRIVILEGE ESCALATION

Privilege escalation happens when a lower-privileged user takes advantage of a higher-privileged user via an invoker rights unit. Let's use an example to explore what privilege escalation is, how it can come about, and what sorts of damage it can do.

Suppose that a database instance has a schema named THE_MANAGER, which is the manager's schema and has lots of privileges on many critical database objects, including the PERFORMANCE_REVIEWS table. The instance also has a schema named NEW_CODER, the owner of which works for THE_MANAGER. I'll call them NC and TM, respectively, for short.

TM has given NC a new task: create an invoker rights procedure to display a person's to-do list. In this fine company, each schema has its own TODO table, which includes the tasks for the person who owns the schema.
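The setup described above, with the checks a DBA can run against it, as an added example that is not code from the article. The procedure name show_todo, the TODO columns title and due_date, and the schema trusted_owner are assumptions, and the INHERIT PRIVILEGES statements assume Oracle Database 12c or later.

```sql
-- Added example. show_todo, the TODO columns and trusted_owner are hypothetical.

-- 1. The unit NC was asked to write, owned by NEW_CODER.
CREATE OR REPLACE PROCEDURE new_coder.show_todo
   AUTHID CURRENT_USER   -- invoker rights
IS
BEGIN
   -- At run time the unqualified TODO resolves in the caller's schema,
   -- and every statement in this body executes with the caller's
   -- privileges. When TM calls it, that means TM's privileges.
   FOR rec IN (SELECT title, due_date FROM todo ORDER BY due_date)
   LOOP
      DBMS_OUTPUT.put_line (
         rec.title || ' - ' || TO_CHAR (rec.due_date, 'YYYY-MM-DD'));
   END LOOP;
END;
/

GRANT EXECUTE ON new_coder.show_todo TO the_manager;

-- 2. Audit (as a DBA): which invoker rights units does NEW_CODER own?
--    These are the units whose bodies deserve review before a
--    higher-privileged user runs them.
SELECT DISTINCT owner, object_name, object_type
  FROM dba_procedures
 WHERE authid = 'CURRENT_USER'
   AND owner = 'NEW_CODER'
 ORDER BY owner, object_name;

-- 3. Audit: whose invoker rights code may run with THE_MANAGER's
--    privileges? A row with GRANTEE = 'PUBLIC' means anyone's code may.
SELECT grantee, table_name AS privileged_user
  FROM dba_tab_privs
 WHERE privilege = 'INHERIT PRIVILEGES'
   AND table_name = 'THE_MANAGER';

-- 4. Restrict: only code owned by explicitly trusted schemas may
--    inherit THE_MANAGER's privileges.
REVOKE INHERIT PRIVILEGES ON USER the_manager FROM PUBLIC;
GRANT INHERIT PRIVILEGES ON USER the_manager TO trusted_owner;

-- After step 4, a call by THE_MANAGER to new_coder.show_todo fails with
-- ORA-06598 (insufficient INHERIT PRIVILEGES privilege) instead of
-- running NC's code with TM's privileges.
```

Owners that hold the INHERIT ANY PRIVILEGES system privilege are not affected by step 4, so grants of that privilege belong in the same audit.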