
RE: Select any dictionary role

From: Jacques Kilchoer <Jacques.Kilchoer_at_quest.com>
Date: Mon, 17 Oct 2005 14:50:32 -0700
Message-ID: <B5C5F99D765BB744B54FFDF35F60262119FCE9@irvmbxw02>


I think it was Mr. Finnigan that pointed out on this list once that if you create a database link like this:

create database link MY_LINK
connect to SOME_USER identified by SOME_USER_PASSWORD
using 'tns_alias' ;

then a user with 'SELECT ANY DICTIONARY' would be able to see the password in clear text with this query:

select * from sys.link$ ;

From an Oracle 9.2 database

SQL> create database link X.Y.Z
  2  connect to SOME_USER identified by SOME_USER_PASSWORD
  3  using 'tns_alias' ;
Lien de base de données créé.

SQL> select userid, password from sys.link$ where name = 'X.Y.Z' ;

USERID                         PASSWORD
------------------------------ ------------------------------
SOME_USER                      SOME_USER_PASSWORD
SQL>

-----Original Message-----
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Fred Smith

  Just wanted to get your thoughts ... is there any "danger" to granting developers the SELECT ANY DICTIONARY role in the database? (IMHO, they don't particularly need such "open" access, however tools such as OEM require it for login apparently).

--
http://www.freelists.org/webpage/oracle-l
Received on Mon Oct 17 2005 - 16:56:11 CDT
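
An audit for the exposure described in the message above, as an added example that is not part of the original post: it lists every grantee that holds SELECT ANY DICTIONARY (directly or through nested roles) and every link row in sys.link$ that still carries a stored password, without displaying the password. It assumes a DBA session; DBA_SYS_PRIVS, DBA_ROLE_PRIVS and DBA_USERS are standard dictionary views that the post itself does not mention.

```sql
-- Added example, not from the original thread. Run as a DBA.

-- 1. Who holds SELECT ANY DICTIONARY, directly or through a chain of roles?
--    Grantees that are not in DBA_USERS are roles or PUBLIC.
WITH holders AS (
    -- direct grants of the system privilege
    SELECT grantee, '(direct)' AS granted_via
      FROM dba_sys_privs
     WHERE privilege = 'SELECT ANY DICTIONARY'
    UNION ALL
    -- grantees that inherit it: start at roles holding the privilege,
    -- then walk down through every role-to-role and role-to-user grant
    SELECT rp.grantee,
           SYS_CONNECT_BY_PATH(rp.granted_role, ' > ') AS granted_via
      FROM dba_role_privs rp
     START WITH rp.granted_role IN (SELECT grantee
                                      FROM dba_sys_privs
                                     WHERE privilege = 'SELECT ANY DICTIONARY')
   CONNECT BY PRIOR rp.grantee = rp.granted_role
)
SELECT h.grantee,
       NVL2(u.username, 'USER', 'ROLE or PUBLIC') AS grantee_type,
       u.account_status,
       h.granted_via
  FROM holders h
  LEFT JOIN dba_users u ON u.username = h.grantee
 ORDER BY grantee_type DESC, h.grantee;

-- 2. Which database links store a fixed account with a password in
--    sys.link$? Only the link name and remote account are selected;
--    the PASSWORD column is tested for presence, never displayed.
SELECT name   AS db_link,
       userid AS remote_account
  FROM sys.link$
 WHERE password IS NOT NULL
 ORDER BY name;
```

Any account returned by the first query can read the PASSWORD column of every row returned by the second, so the two result sets together show which grants to revoke and which remote passwords to treat as disclosed.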
