Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Select any dictionary role

RE: Select any dictionary role

From: fairlie rego <fairlie_r_at_yahoo.com>
Date: Mon, 17 Oct 2005 16:12:53 -0700 (PDT)
Message-ID: <20051017231253.25118.qmail@web31906.mail.mud.yahoo.com>


Hi,  

The access to LINK$ was revoked from the select any dictionary role as part of patch 3121872 which can be applied on top of Oracle 9.2.0.2 & above and is no longer an issue in 10G.  

Also the password for a dblink is no longer visible in clear text in 10Gr2.  

Regards,
Fairlie

Jacques Kilchoer <Jacques.Kilchoer_at_quest.com> wrote: I think it was Mr. Finnigan that pointed out on this list once that if you create a database link like this: create database link MY_LINK connect to SOME_USER identified by SOME_USER_PASSWORD using 'tns_alias' ; Then a user with 'SELECT ANY DICTIONARY' would be able to see the password in clear text with this query: select * from sys.link$ ;

>From an Oracle 9.2 database

SQL> create database link X.Y.Z
2 connect to SOME_USER identified by SOME_USER_PASSWORD 3 using 'tns_alias' ;
Lien de base de données créé.

SQL> select userid, password from sys.link$ where name = 'X.Y.Z' ; USERID PASSWORD

------------------------------ ------------------------------
SOME_USER SOME_USER_PASSWORD
SQL> -----Message d'origine-----
De : oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] De la part de Fred Smith

Just wanted to get your thoughts ... is there any "danger" to granting developers the SELECT ANY DICTIONARY role in the database? (IMHO, they don't particulary need such "open" access, however tools such as OEM require it for login apparently).

--
http://www.freelists.org/webpage/oracle-l


Fairlie Rego
Senior Oracle Consultant
Optus Telecommunications
www.optus.com.au
Mobile: +61 4 02 792 405
Home: +61 2 8920 0273

 
When I read about the evils of drinking, I gave up reading.






		
---------------------------------
 Yahoo! Music Unlimited - Access over 1 million songs. Try it free.
--
http://www.freelists.org/webpage/oracle-l
Received on Mon Oct 17 2005 - 18:15:00 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US