Originally posted by suityou01
View Post
-
I agree someone needs to do some reading up on security. Unfortunately its not me.merely at clientco for the entertainment -
It was a serious question. CUK is the last place I'd ask a programming question simply due to the very small number of people here... on SO you get answers from the people who designed the technologies in the first place sometimes!Originally posted by suityou01 View PostI love you all equally Doogie, no need to seek attention.
And could you keep the spats for General... there's special thread for it and everything!Originally posted by MaryPoppinsOriginally posted by vetranComment
-
Sound advice.Originally posted by d000hg View Post
I did not want a spat. I think Eek has rather let himself down with his childish rants. If he had simply said
"Fair enough, if it works it works, however be aware that you have potentially caused the following issues ....."
This would have been a level headed and mature response, worthy of a time seasoned contractor. Instead, well, the least said the better.
Oh, and for the record, he has a history of splurging my requests for help in technical all over General. Newcomers to the forum may see this and decide to refrain from posting in technical on the strength of this. Just saying like
Knock first as I might be balancing my chakras.Comment
-
Personally I think his attempt to post proper answers here and then mock you about it in General is better than complaining the answers aren't good enoughOriginally posted by suityou01 View PostOh, and for the record, he has a history of splurging my requests for help in technical all over General. Newcomers to the forum may see this and decide to refrain from posting in technical on the strength of this. Just saying like
Originally posted by MaryPoppinsOriginally posted by vetranComment
-
I love it when you back pedalOriginally posted by eek
Knock first as I might be balancing my chakras.Comment
-
I had deleted that.
If you want to attack me do it in general. If you are brave enough.merely at clientco for the entertainmentComment
-
Knock first as I might be balancing my chakras.Comment
-
Originally posted by eekThat's the point he's trying to make. Good security practice is to give the app the least privileges required to do what it needs to do i.e. give it permission to the oracle home directory. By choosing to impersonate another user you have, as a side effect, given it access to everything that user can access which probably includes lots and lots of other things that it doesn't need and probably shouldn't have access to. If the web app were to be exploited and an attacker able to run arbitrary code the range of things they could do is now significantly wider.Originally posted by suityou01 View PostWhile you're waiting, read the free novel we sent you. It's a Spanish story about a guy named 'Manual.'Comment
-
Like writing your passive-aggressive signature? Did you have to consult SQL for Dummies?Originally posted by suityou01 View PostOriginally posted by MaryPoppinsOriginally posted by vetranComment
-
Originally posted by d000hg View PostSELECT User_Id IgnoresList FROM CUK_USERS WHERE USER_NAME = 'EEK' OR USER_CAN_SPELL = FALSE;
ignoreList
Oh, the irony
(And since user_name is case sensitive, the query would return no rows anyway)Comment
Comment