I could have sworn that in 8.0 the password in link$ showed encrypted. I
don't have access to Metalink doc id Note 202987.1 which discusses this in
more detail.
BTW, user_history$ shows encrypted password.
--
Terry Dykstra
Canadian Forest Oil Ltd.
<fitzjarrell_at_cox.net> wrote in message
news:1125687665.449388.111820_at_g43g2000cwa.googlegroups.com...
>
> EdStevens wrote:
> > Maxim Demenko wrote:
> > > EdStevens schrieb:
> > > > Oracle 9.2.0.7.0 on Win2003
> > > >
> > > > Stumbled on to this, and don't have an explanation:
> > > >
> > > > Connected as SYSTEM, with the standard, out-of-the-box DBA role:
> > > >
> > > > system_at_NPSTDB.WORLD> select count(*) from sys.link$;
> > > > select count(*) from sys.link$
> > > > *
> > > > ERROR at line 1:
> > > > ORA-01031: insufficient privileges
> > > >
> > > > A little further hunting shows that there are only 2 of the sys.$
> > > > tables that this happens on ... SYS.LINK$ and SYS.USER_HISTORY$
> > > >
> > > >
> > > > ???
> > > >
> > >
> > > Maybe issue of O7_dictionary_accessibility ? If set to FALSE, all
tables
> > > owned by SYS must be granted explicitly ( select any table combined
with
> > > select any dictionary are not sufficient ).
> > >
> > > Best regards
> > >
> > > Maxim
> >
> > Well, O7_dictionary_accessibility = false, but if that were the issue,
> > I shouldn't be able to get any of the sys.%$ tables, right?
> >
> > C:\>sqlplus system_at_npsp9
> >
> > SQL*Plus: Release 9.2.0.1.0 - Production on Fri Sep 2 13:01:52 2005
> >
> > Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
> >
> > Enter password:
> >
> > Connected to:
> > Oracle9i Release 9.2.0.7.0 - Production
> > JServer Release 9.2.0.7.0 - Production
> >
> > SQL>
> > SQL> show parameter O7
> >
> > NAME TYPE VALUE
> > ------------------------------------ -----------
> > ------------------------------
> > O7_DICTIONARY_ACCESSIBILITY boolean FALSE
> >
> >
> > SQL> select table_name
> > 2 from dba_tab_privs
> > 3 where owner='SYS'
> > 4 and grantee='SYSTEM'
> > 5 and table_name like '%$'
> > 6 /
> >
> > no rows selected
> >
> > SQL> select count(*) from sys.link$;
> > select count(*) from sys.link$
> > *
> > ERROR at line 1:
> > ORA-01031: insufficient privileges
> >
> >
> > SQL> select count(*) from sys.access$;
> >
> > COUNT(*)
> > ----------
> > 10258
> >
> > There's no difference in ownership or object privileges between
> > sys.link$ and sys.access$. I'm sure I'm overlooking something, but
> > what?
>
> The fact that SYS.LINK$ and SYS.USER_HISTORY$ both contain plaintext
> passwords for the accounts. With a SYSDBA privileged account these
> values are visible; any non-SYSDBA account should not have access to
> such information, which may be a result of the Sarbanes-Oxley Act. Of
> course it is questinoable whether *anyone* should have access to
> plaintext account passwords, and I would have expected Oracle to
> maintain their policy of only storing hashed passwords in the data
> dictionary. Apparently they had a valid reason for having such views,
> but I cannot understand what that reason could be.
>
>
> David FItzjarrell
>
Received on Fri Sep 02 2005 - 14:42:31 CDT
