> The issues you have raised have prevented me from deploying an
> application over the internet that I was planning to rollout.
> There are some other security holes that I would like to see
> closed off too. Is all someone needs to exploit them is a valid
> username and password. Not just the SYSDBA...

6.0 does enhance db file protection (eg. database highjack)
SQL security can be placed on system tables to prevent db
object creation (eg. create table). I am not sure how you
could prevent a rogue 'create database' at this time.