Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: DBLINKs in critical production system

RE: DBLINKs in critical production system

From: Hemant K Chitale <hkchital_at_singnet.com.sg>
Date: Tue, 01 May 2007 21:57:16 +0800
Message-Id: <200705011357.l41Dv9ao029580@smtp12.singnet.com.sg>

The "security hole" I am referring to is at two levels : 1. If the DBLink connects to the base schema (owning the tables) anyone with access to the account owning the DBLink has full privileges on that remote schema. That is -- an "Authorised" user in Database "A" would implicitly gain privileges to do "unauthorised" things in Database "B" ! 2. Yes, in pre-9i, there are ways to view the DBLink password. So a DBA in Database "A" would be able to do "unauthorised" things in Database "B" even if he does not have access to Database "B".

Hemant

At 09:31 PM Tuesday, Thotangare, Ajay \(GTI\) wrote:
>Is "security hole" still applicable in 10g assuming no extra privileges
>are given. In 10g password is encrypted in sys.link$
>
>-----Original Message-----
>From: Hemant K Chitale [mailto:hkchital_at_singnet.com.sg]
>Sent: Tuesday, May 01, 2007 8:06 AM
>To: Thotangare, Ajay (GTI); oracle-l_at_freelists.org
>Subject: Re: DBLINKs in critical production system
>
>
><<deleted>>
>1. If you create a DBLink connecting to the base schema (the schema
>actually owning the tables being referenced)
>then that is a big NO NO (read "Security Hole").
><<deleted>>

Hemant K Chitale
http://web.singnet.com.sg/~hkchital
and
http://hemantscribbles.blogspot.com
and
http://hemantoracledba.blogspot.com

"First they ignore you, then they laugh at you, then they fight you, then you win" !"
Mohandas Gandhi Quotes
: http://www.brainyquote.com/quotes/authors/m/mohandas_gandhi.html

--
http://www.freelists.org/webpage/oracle-l
Received on Tue May 01 2007 - 08:57:16 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US