David's second interesting post is titled 0wned by the lowly Oracle rowid pseudo function? and discusses the use of the ROWID function to predict information that is there but is perhaps not visible because of the use of VPD. This could undermine VPD in some circumstances but would require predictable other data to enable someone with SQL access to use the ROWID function to predict missing records. What is intersting about this post is that it uses the same method I suggested around 4 years ago but from another angle. I used it in Oracle forensics to show how a deleted record from SYS.AUD$ could be identified and also how altered records showed up in the same table when comparing the ROWID and also the timestamps.
There has been 2 Comments posted on this article