Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!uunet!seismo!husc6!cmcl2!brl-adm!angel From: angel@brl-adm.ARPA (Rick Angelini ) Newsgroups: comp.databases Subject: Security Hole in RTI Ingres Message-ID: <9196@brl-adm.ARPA> Date: Tue, 8-Sep-87 14:03:43 EDT Article-I.D.: brl-adm.9196 Posted: Tue Sep 8 14:03:43 1987 Date-Received: Thu, 10-Sep-87 02:03:44 EDT Distribution: na Organization: Ballistic Research Lab (BRL), APG, MD. Lines: 22 Keywords: Security Ingres ------------------------------------------ In response to .... To: manatt@lll-winken.ARPA Subject: Re: Security hole in RTI ingres Newsgroups: comp.databases ------------------------------------------- As a user in your Ingres database, I may access a form which you created, and modify that form. However, I will *not* overwrite your original copy of that form. I will have my own personal copy of the form, (it could even have the same name as your form), but I'm the only one who can access _my_ form. The form created by the DB owner is the globally accessible one. I haven't heard of a user (other than the DB owner) being able to run amuck and modify/destroy forms, reports, graphs, etc which that individual user did not own. Of course, the DBA may at any time clean up his database by removing the offending tables, forms, graphs, etc. As a valid user in your database, I can even make my own tables with table names the same as yours. However, my tables are MY tables, and your tables are the globally accessible tables.