Re: DB Link question

Gerard Lacroix wrote:

> Hi.
> Is it possible for a dba to deny connections to its database, made via
> dblinks ?
> I mean, if user A has create database link privilege in db1, and
> wants to make a dblink to db2 with certain user, can the dba from db2
> set some system privileges or logon triggers to reject that kind of
> connections ?
>

At the risk of over-simplifying, think of a dblink as an "automated login". It essentially gives you the same privileges as an ordinary Oracle Net client connection, but since the user, authentication, and connection information are stored in the local database, you don't have to provide them repeatedly (as you did with the legacy "copy" command in SQL*Plus, for example).

So, anything that you can do to limit ordinary client connections, such as changing the password, disabling the account, restricting the network addresses that can connect, and so on, should also work for a dblink. There may be other specific techniques that apply only to dblinks (GLOBAL_NAME being one), but you still won't be blocking the client from doing most if not all of whatever you are trying to prevent them from doing.

In other words, blocking "that kind of connection" doesn't accomplish much if other kinds of connections are still allowed.

-Mark Bole Received on Thu Sep 15 2005 - 19:09:38 CDT