Archives of the TeradataForum
Message Posted: Tue, 03 Jun 2003 @ 18:45:13 GMT
| Subj: | | Re: References in WINDDI |
| |
| From: | | John Hall |
Just a hurried thought: If I was hacking (or worst), knowing that specific tables (ie- payroll, SSN, etc) exist on the system would allow
me to focus my efforts on gaining access to those tables. By having select on DBC.TVM (or even worst: DBC.TVFIELDS), I would be able to
know all tables on the system, irregardless of any privileges to those databases/tables.
If I was up to no good, I might then try social engineering to gain access to that data. Generally with social engineering, nobody will
help if you can't provide pretty specific information. If I can give specific information, it may not be too hard to convince somebody to
let me have access or perform some queries for me.
Having access to the dictionary tables does help a person to gain specific information and just makes them one more person who needs to
be trusted. Personally, I want to keep the list of trusted people to a minimum. In that same vein, the list of people who had access to
WinDDI would be extremely short.
With the probability of hacking a real issue, it pays to be a little paranoid.
| 
