Database Link Secuirty Issue

Posted on by Osama Mustafa in Database
“Use the CREATE DATABASE LINK statement to create a database link. A database link is a schema object in one database that enables you to access objects on another database. The other database need not be an Oracle Database system. However, to access non-Oracle systems you must use Oracle Heterogeneous Services.”

But did you ask your self before about the impact of using Oracle Database link ? and how to secure my database link ?

One Of Common Issue that you need to be aware of is Privileges , When you create database link most of users use DBA Role which mean user will able to do anything he want in database,which mean
who gains access to a database link can execute queries with the privileges of the DBLINK account  to avoid this try to create user with less Privileges he needs.

Another issue in 10g When you create database link check the below :

CREATE DATABASE LINK “TEST_LINK” CONNECT TO “Test” IDENTIFIED BY Test ;

Database link created. 

After that check the below table :

SQL> select name, userid, passwordx from sys.link$ where name=’TEST_LINK.REGRESS.RDBMS.DEV.US.ORACLE.COM’;

NAME     USERID  PASSWORDX
——————————————————————————–
TEST_LINK.REGRESS.RDBMS.DEV.US.ORACLE.COM OSAMA   05CB53401E442441B428B900A97DE31A10

as you see the password is saved as hash, and can be decrypt .

But what if :

SQL> SELECT DBMS_METADATA.GET_DDL(‘DB_LINK’,’TEST_LINK.REGRESS.RDBMS.DEV.US.ORACLE.COM’) from dual ;

Check the output below :

CREATE DATABASE LINK “TEST_LINK”
CONNECT TO “Osama” IDENTIFIED BY VALUES ‘05CB53401E442441B428B900A97DE31A10

another security Issue of using Database link.

Imagine what could be happened next.

Thank you
Osama Mustafa

Published by Osama Mustafa

Osama considered as one of the leaders in Cloud technology, DevOps and database in the Middle-East. I have more than ten years of experience within the industry. moreover, certfied 4x AWS , 4x Azure and 6x OCI, have also obtained database certifications for multiple providers. In addition to having experience with Oracle database and Oracle products, such as middle-ware, OID, OAM and OIM, I have gained substantial knowledge with different databases. Currently, I am architecting and implementing Cloud and DevOps. On top of that, I'm providing solutions for companies that allow them to implement the solutions and to follow the best practices.

3 thoughts on “Database Link Secuirty Issue

  2. Hi Osama ;I still getting confused to practice what you posted here ..SQL> grant create database link to xx;Grant succeeded.SQL> show user;USER is “XX”create database link osama connect to xx identified by xx using 'orcl';Database link created.>> Connecting as sysdba >>SQL> select USERID, name, passwordx from sys.link$ where 2 name='OSAMA.REGRESS.RDBMS.DEV.US.ORACLE.COM';USERID NAME PASSWORDXXX OSAMA.REGRESS.RDBMS.DEV.US.ORACLE.COM 05BD4A6D6C3019E29EEB898D2343BCB0C2SQL> SELECT DBMS_METADATA.GET_DDL('DB_LINK','OSAMA.REGRESS.RDBMS.DEV.US.ORACLE.COM') from dual;ERROR:ORA-31603: object “OSAMA.REGRESS.RDBMS.DEV.US.ORACLE.COM” of type DB_LINK not found in schema “SYS”ORA-06512: at “SYS.DBMS_SYS_ERROR”, line 105ORA-06512: at “SYS.DBMS_METADATA”, line 2806ORA-06512: at “SYS.DBMS_METADATA”, line 4333ORA-06512: at line 1FYI : Even i connected as sysdba , i can't trace it … So please see it and kindly reply me ..

    Like

    Reply

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.