Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!lll-winken!manatt
From: manatt@lll-winken.ARPA (Doug Manatt)
Newsgroups: comp.databases
Subject: Security hole in RTI ingres
Message-ID: <877@lll-winken.ARPA>
Date: Fri, 4-Sep-87 12:16:42 EDT
Article-I.D.: lll-wink.877
Posted: Fri Sep  4 12:16:42 1987
Date-Received: Sat, 5-Sep-87 18:13:18 EDT
Organization: Lawrence Livermore Labs, Livermore CA  94550
Lines: 10
Keywords: Security Ingres


	Relational Technology Inc.'s RDBMS and 4GL "Ingres" has a security 
problem.  It turns out that the tables that the system uses to store user's 
objects (Forms, Graphs, Applications, Reports, JoinDefs), called "Front-end 
system tables" by RTI, can be changed, appended to, and deleted from by any 
user of the database.  This means that anyone with access to a database can 
destroy or change anothers work.  
	There is a work-around though.  You can have only one user per 
database, thus maintaining the security of that users work...well, so much
for the ability to share data!
				Doug Manatt