Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
![]() |
![]() |
Home -> Community -> Mailing Lists -> Oracle-L -> RE: DBLINKs in critical production system
The "security hole" I am referring to is at two levels : 1. If the DBLink connects to the base schema (owning the tables) anyone with access to the account owning the DBLink has full privileges on that remote schema. That is -- an "Authorised" user in Database "A" would implicitly gain privileges to do "unauthorised" things in Database "B" ! 2. Yes, in pre-9i, there are ways to view the DBLink password. So a DBA in Database "A" would be able to do "unauthorised" things in Database "B" even if he does not have access to Database "B".
Hemant
At 09:31 PM Tuesday, Thotangare, Ajay \(GTI\) wrote:
>Is "security hole" still applicable in 10g assuming no extra privileges
>are given. In 10g password is encrypted in sys.link$
>
>-----Original Message-----
>From: Hemant K Chitale [mailto:hkchital_at_singnet.com.sg]
>Sent: Tuesday, May 01, 2007 8:06 AM
>To: Thotangare, Ajay (GTI); oracle-l_at_freelists.org
>Subject: Re: DBLINKs in critical production system
>
>
><<deleted>>
>1. If you create a DBLink connecting to the base schema (the schema
>actually owning the tables being referenced)
>then that is a big NO NO (read "Security Hole").
><<deleted>>
Hemant K Chitale
http://web.singnet.com.sg/~hkchital
and
http://hemantscribbles.blogspot.com
and
http://hemantoracledba.blogspot.com
"First they ignore you, then they laugh at you, then they fight you,
then you win" !"
Mohandas Gandhi Quotes
: http://www.brainyquote.com/quotes/authors/m/mohandas_gandhi.html
-- http://www.freelists.org/webpage/oracle-lReceived on Tue May 01 2007 - 08:57:16 CDT
![]() |
![]() |