Database Link Secuirty Issue

“Use the CREATE DATABASE LINK statement to create a database link. A database link is a schema object in one database that enables you to access objects on another database. The other database need not be an Oracle Database system. However, to access non-Oracle systems you must use Oracle Heterogeneous Services.”

But did you ask your self before about the impact of using Oracle Database link ? and how to secure my database link ?

One Of Common Issue that you need to be aware of is Privileges , When you create database link most of users use DBA Role which mean user will able to do anything he want in database,which mean
who gains access to a database link can execute queries with the privileges of the DBLINK account  to avoid this try to create user with less Privileges he needs.

Another issue in 10g When you create database link check the below :

CREATE DATABASE LINK “TEST_LINK” CONNECT TO “Test” IDENTIFIED BY Test ;

Database link created. 

After that check the below table :

SQL> select name, userid, passwordx from sys.link$ where name=’TEST_LINK.REGRESS.RDBMS.DEV.US.ORACLE.COM’;

NAME     USERID  PASSWORDX
——————————————————————————–
TEST_LINK.REGRESS.RDBMS.DEV.US.ORACLE.COM OSAMA   05CB53401E442441B428B900A97DE31A10

as you see the password is saved as hash, and can be decrypt .

But what if :

SQL> SELECT DBMS_METADATA.GET_DDL(‘DB_LINK’,’TEST_LINK.REGRESS.RDBMS.DEV.US.ORACLE.COM’) from dual ;

Check the output below :

CREATE DATABASE LINK “TEST_LINK”
CONNECT TO “Osama” IDENTIFIED BY VALUES ‘05CB53401E442441B428B900A97DE31A10

another security Issue of using Database link.

Imagine what could be happened next.

Thank you
Osama Mustafa

3 thoughts on “Database Link Secuirty Issue

  1. Hi Osama ;I still getting confused to practice what you posted here ..SQL> grant create database link to xx;Grant succeeded.SQL> show user;USER is “XX”create database link osama connect to xx identified by xx using 'orcl';Database link created.>> Connecting as sysdba >>SQL> select USERID, name, passwordx from sys.link$ where 2 name='OSAMA.REGRESS.RDBMS.DEV.US.ORACLE.COM';USERID NAME PASSWORDXXX OSAMA.REGRESS.RDBMS.DEV.US.ORACLE.COM 05BD4A6D6C3019E29EEB898D2343BCB0C2SQL> SELECT DBMS_METADATA.GET_DDL('DB_LINK','OSAMA.REGRESS.RDBMS.DEV.US.ORACLE.COM') from dual;ERROR:ORA-31603: object “OSAMA.REGRESS.RDBMS.DEV.US.ORACLE.COM” of type DB_LINK not found in schema “SYS”ORA-06512: at “SYS.DBMS_SYS_ERROR”, line 105ORA-06512: at “SYS.DBMS_METADATA”, line 2806ORA-06512: at “SYS.DBMS_METADATA”, line 4333ORA-06512: at line 1FYI : Even i connected as sysdba , i can't trace it … So please see it and kindly reply me ..

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.