Some idea for the security hole in database links
From: Juan Carlos Reyes Pacheco <jcdrpllist_at_gmail.com>
Date: Wed, 15 Jan 2014 17:02:58 -0400
Message-ID: <CAGYrQytugfOV0yHWSZSy4c0LG-paB1wdm1TmO4Cs4=YWkRyqOw_at_mail.gmail.com>
Hello,
I think you know If you use database links once you connect the user, you have all the privileges the link has.
Even if you reduce to the minimum the privileges the user you use to connect the database links, that privileges are enabled from the beggining.
Date: Wed, 15 Jan 2014 17:02:58 -0400
Message-ID: <CAGYrQytugfOV0yHWSZSy4c0LG-paB1wdm1TmO4Cs4=YWkRyqOw_at_mail.gmail.com>
Hello,
I think you know If you use database links once you connect the user, you have all the privileges the link has.
Even if you reduce to the minimum the privileges the user you use to connect the database links, that privileges are enabled from the beggining.
You don't have something like enable role with password in users.
I don't know if some one please knows how to avoid the security problem, I supposed Oracle was going to do something but I don't see he's planning to create a solution to make secure the database links. The only solution I had seen is not to use database links.
Thank you
-- http://www.freelists.org/webpage/oracle-lReceived on Wed Jan 15 2014 - 22:02:58 CET