Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: DBLINKs in critical production system

RE: DBLINKs in critical production system

From: Thotangare, Ajay \(GTI\) <Ajay_Thotangare_at_ml.com>
Date: Mon, 30 Apr 2007 12:07:13 -0400
Message-ID: <C8C1CE9973039245BF52C0FC3DF02F60C5C65C@MLNYA222MB.amrs.win.ml.com>


Till 9i I see Sys.Link$ has clear text password but not in 10gR2. Can I consider that security hole is patched in 10gR2?10gR1 I haven't checked. ( Leaving aside the performance hit problem)  


From: JApplewhite_at_austinisd.org [mailto:JApplewhite_at_austinisd.org] Sent: Monday, April 30, 2007 11:55 AM
To: Thotangare, Ajay (GTI)
Cc: oracle-l_at_freelists.org; oracle-l-bounce_at_freelists.org Subject: Re: DBLINKs in critical production system  

Ajay,

Depends (as usual). If the DB Links are FROM the Prod system TO others and you're careful about which User you connect to on the other end, then you're probably OK, though others might have issues. You've got to be very careful about DB Links from other databases TO Prod. Those can become "back doors" to get at your Prod data.

Also, up through 9i the Password column in the Sys.Link$ table was in plain text - not in my 10.2 database, though. Anyone with Select Any Dictionary priv could see the passwords. Obviously, a gaping security hole to make sure you plug.

DB Links can also be a performance bottleneck if you're dragging lots of data from other databases back to Prod across a LAN/WAN. If the other database(s) is(are) on the same server as Prod, then having the DB Links use IPC greatly reduces the performance hit.

DB Links can be useful, even in Prod, but require great care in implementation, IMHO.

Jack C. Applewhite - Database Administrator Austin (Texas) Independent School District 512.414.9715 (wk) / 512.935.5929 (pager)

Same-Day Stump Grinding! Senior Discounts!

"Thotangare, Ajay \(GTI\)" <Ajay_Thotangare_at_ml.com> Sent by: oracle-l-bounce_at_freelists.org

04/30/2007 10:32 AM

Please respond to
Ajay_Thotangare_at_ml.com

To

<oracle-l_at_freelists.org>

cc  

Subject

DBLINKs in critical production system      

Hi Group,

I have a question about dblink. I always hear that

Can anybody please let me know the reason for such comments on dblinks.

regards,

Ajay


If you are not an intended recipient of this e-mail, please notify the sender, delete it and do not read, act upon, print, disclose, copy, retain or redistribute it. Click here for important additional terms relating to this e-mail. http://www.ml.com/email_terms/


--
http://www.freelists.org/webpage/oracle-l
Received on Mon Apr 30 2007 - 11:07:13 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US