Reply to: Intriguing OleDB problem

FTFY

I was so hoping it would have a bug

Apology accepted.

Oh don't you furkin start

Suity,

You're not on my ignore list as I don't actually mind helping you out. I just hoped you might take the hint when I said do x, do x, do x while you rabbited on about other options.

The main reason why I didn't say don't do Y its a bad idea is because you always want an explanation from elsewhere why and I couldn't provide that from the location I was sat in.

Yep, know all of this. Accept all of this. Have clearance from above to do this.
This is a prototype. It serves the purpose of demonstrating that it can be done, and can be done relatively cheaply.

When we get the go ahead to develop this the security issue will be dealt with properly. For now, I just needed a fix to get the prototype working. To get the security permissions changed would require red tape, and this carries a time penalty the luxury of which we currently can ill afford.

The impersonated user has access within the sandbox, and that's about it so the risk is minimal.

I accept eeks comments as entirely valid, and have indicated this many times. The thing I don't accept is his tendancy to have a hissy fit at the slightest hint of a challenge to his suggestions.

ignoreList

Oh, the irony

(And since user_name is case sensitive, the query would return no rows anyway)

Like writing your passive-aggressive signature? Did you have to consult SQL for Dummies?

That's the point he's trying to make. Good security practice is to give the app the least privileges required to do what it needs to do i.e. give it permission to the oracle home directory. By choosing to impersonate another user you have, as a side effect, given it access to everything that user can access which probably includes lots and lots of other things that it doesn't need and probably shouldn't have access to. If the web app were to be exploited and an attacker able to run arbitrary code the range of things they could do is now significantly wider.

Really don't as I am a grown up with better things to do.

HTH

I had deleted that.

If you want to attack me do it in general. If you are brave enough.

I love it when you back pedal

Personally I think his attempt to post proper answers here and then mock you about it in General is better than complaining the answers aren't good enough

Sound advice.

I did not want a spat. I think Eek has rather let himself down with his childish rants. If he had simply said

"Fair enough, if it works it works, however be aware that you have potentially caused the following issues ....."

This would have been a level headed and mature response, worthy of a time seasoned contractor. Instead, well, the least said the better.

Oh, and for the record, he has a history of splurging my requests for help in technical all over General. Newcomers to the forum may see this and decide to refrain from posting in technical on the strength of this. Just saying like