Re: Dblink in Oracle10g

From: Roman Podshivalov <roman.podshivalov_at_gmail.com>
Date: Wed, 19 Nov 2008 16:18:04 -0500
Message-ID: <55f303590811191318l502ece97xf42f9826fd2efc3e@mail.gmail.com>

Instead of tampering with passwords and profiles it's safer to use proxy authentication like:

SQL> drop user u1 cascade;
User dropped.
SQL> drop user u2 cascade;
User dropped.
SQL> create user u1 identified by u1;
User created.
SQL> grant create session, create database link to u1; Grant succeeded.
SQL> create user u2 identified by u2;
User created.
SQL> grant create session to u2;
Grant succeeded.
SQL> alter user u1 grant connect through u2; User altered.
SQL> connect u2[u1]/u2
Connected.
SQL> show user
USER is "U1"
SQL> create database link a connect to b identified by c using 'd'; Database link created.
SQL> --romas

On Wed, Nov 19, 2008 at 1:22 PM, Jared Still <jkstill_at_gmail.com> wrote:

> On Wed, Nov 19, 2008 at 5:41 AM, <Joel.Patterson_at_crowley.com> wrote:
>
>>
>> The script would be better off changing the password back to its
>> original immediately after connecting to the local user account. There
>> is no need to do all the work first if as the description warns about
>> changing a password even for a few seconds. Well if you change it back
>> immediately it wouldn't be your password for longer than it takes to
>> connect.
>>
>>
> Here is something to check for when temporarily changing passwords.
>
> The account may be assigned to a profile that prevents the reuse of a
> password,
> and may also prevent the use of your temporary password if it doesn't
> meet the criteria of the verify password function.
>
> Best to check beforehand and plan for it.
>
> There is a way to work around the profile problem.
>
> Create a new profile with no options, for temporary use only.
>
> I will call it empty_profile here.
>
> alter user dblink_owner identified by new_password profile empty_profile;
>
> Do the rest of the work as this user.
>
> Change the password back;
>
> alter user dblink_owner identified by old_password;
> alter user dblink_owner profile <original_profile>;
>
> You best document it if you are routinely audited, as these changes
> will appear in sys.user_history$, which a sharp auditor may know about.
>
> Jared
>
>

--
http://www.freelists.org/webpage/oracle-l

Received on Wed Nov 19 2008 - 15:18:04 CST

This message: [ Message body ]
Next message: Powell, Mark D: "RE: MSDAORA.DLL (Microsoft OLE DB For Oracle) Connectivity Question"
Previous message: Greg Norris: "Re: Dblink in Oracle10g"
In reply to: Jared Still: "Re: Dblink in Oracle10g"
Next in thread: Rich Jesse: "Re: Dblink in Oracle10g"
Reply: Rich Jesse: "Re: Dblink in Oracle10g"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message