Re: Some idea for the security hole in database links

From: D'Hooge Freek <Freek.DHooge_at_uptime.be>
Date: Thu, 16 Jan 2014 08:07:08 +0000
Message-ID: <1389859627.5748.33.camel_at_dhoogfr-lpt1>



Hi,

One way to reduce the risk is to not have the database link connect to the schema owning the objects you are trying to reach, but instead connect it to a separate schema that only gets the privileges required to access that required object(s).

For the password enabled roles, is this not something that should be done on the db link "start point". eg to protect the views (or packages) in which "table_at_db_link<mailto:table_at_db_link>" is used?

kind regards,

--

Freek D'Hooge
Uptime
Oracle Database Administrator
email: freek.dhooge_at_uptime.be<mailto:freek.dhooge_at_uptime.be> tel +32(03) 451 23 82
http://www.uptime.be

On wo, 2014-01-15 at 17:02 -0400, Juan Carlos Reyes Pacheco wrote: Hello,
I think you know If you use database links once you connect the user, you have all the privileges the link has. Even if you reduce to the minimum the privileges the user you use to connect the database links, that privileges are enabled from the beggining.

You don't have something like enable role with password in users.

I don't know if some one please knows how to avoid the security problem, I supposed Oracle was going to do something but I don't see he's planning to create a solution to make secure the database links. The only solution I had seen is not to use database links.

Thank you

--

http://www.freelists.org/webpage/oracle-l Received on Thu Jan 16 2014 - 09:07:08 CET

Original text of this message