Q
qasimpatwekar
Guest
Hi dbeavon, thanks for your reply. As you said " you must specify GRANT statements before the databasse will give access to data. " Exactly, thats also my point. Anyoone can GRANT any access to any user (non-existing user id as well). If I know dbname and its secondary broker port and who has created the db, then that information is enough for any other user. Other user can just have to write: sqlexp -db dbname -port XXX -user username-who-created-db-or-sysprogress. This is a security thread.
Continue reading...
Continue reading...