|
||
|
Title: Issues with debug connect session privilege Post by Pete Finnigan on May 22nd, 2007, 2:35pm I work for a relatively large organization, and am responsible for writing and maintaining pl/sql code for web applications. I was denied a request for "Debug Connect Session" on our production DB instance. There was a run-time problem with code in production, not occuring in QA. I wanted to step through the code to see what was going on. I had read briefly from the blog, as to the dangers of allowing users to debug DBs, but I just wanted more information as to why this is a dangerous practice. Environment: - I'm the only developer on the DB instance, but it's on a shared machine. - Oracle 10g r2 - using PL/SQL Developer (allaroundautomations) as my development tool. Thanks in advance. |
||
|
Title: Re: Issues with debug connect session privilege Post by Pete Finnigan on May 25th, 2007, 8:40am Hi, The issues with allowing debug access to the production server are that there are ways to reveal more information from the database server than you could by simply running your applications packaged PL/SQL and in some instances it is possible to exploit the database via the debugger. cheers Pete |
||
|
Title: Re: Issues with debug connect session privilege Post by Pete Finnigan on May 30th, 2007, 1:36pm Thanks for your assistance. |
||
|
Powered by YaBB 1 Gold - SP 1.4! Forum software copyright © 2000-2004 Yet another Bulletin Board |