Tag: Database link

Database Link Secuirty Issue

Posted on by Osama Mustafa in Database
“Use the CREATE DATABASE LINK statement to create a database link. A database link is a schema object in one database that enables you to access objects on another database. The other database need not be an Oracle Database system. However, to access non-Oracle systems you must use Oracle Heterogeneous Services.”

But did you ask your self before about the impact of using Oracle Database link ? and how to secure my database link ?

One Of Common Issue that you need to be aware of is Privileges , When you create database link most of users use DBA Role which mean user will able to do anything he want in database,which mean
who gains access to a database link can execute queries with the privileges of the DBLINK account  to avoid this try to create user with less Privileges he needs.

Another issue in 10g When you create database link check the below :

CREATE DATABASE LINK “TEST_LINK” CONNECT TO “Test” IDENTIFIED BY Test ;

Database link created. 

After that check the below table :

SQL> select name, userid, passwordx from sys.link$ where name=’TEST_LINK.REGRESS.RDBMS.DEV.US.ORACLE.COM’;

NAME     USERID  PASSWORDX
——————————————————————————–
TEST_LINK.REGRESS.RDBMS.DEV.US.ORACLE.COM OSAMA   05CB53401E442441B428B900A97DE31A10

as you see the password is saved as hash, and can be decrypt .

But what if :

SQL> SELECT DBMS_METADATA.GET_DDL(‘DB_LINK’,’TEST_LINK.REGRESS.RDBMS.DEV.US.ORACLE.COM’) from dual ;

Check the output below :

CREATE DATABASE LINK “TEST_LINK”
CONNECT TO “Osama” IDENTIFIED BY VALUES ‘05CB53401E442441B428B900A97DE31A10

another security Issue of using Database link.

Imagine what could be happened next.

Thank you
Osama Mustafa

Create Database Link

Posted on by Osama Mustafa in Database
This Topics talks About how to create Database link , what i need

Solution

1-If you are creating public dblink, you will need a user with the following permissions:

create public database link 
drop public database link 

 If you are creating dblink, you will need a user with the following permission: 

create database link

2-check Global_names parameter in database , if you create public database link its should be TRUE, otherwise FALSE 

How To check it :

-Show Parameter global 
OR
SELECT name, valueFROM gv$parameter WHERE name =’global_names’;

To Change its Value :

Alter system set = Scope=Spfile/Memory 

3) Create the database link: 

SQL> CREATE [SHARED] [PUBLIC] DATABASE LINK CONNECT TO CURRENT_USER USING ”;

 Please note that: 
* The single quotes around the service name are mandatory 
* The service name used above must be in the TNSNAMES.ORA file on the server. If it does not existyou can create one like below: 

connection_link = 
(DESCRIPTION =(ADDRESS_LIST =(ADDRESS = (PROTOCOL = TCP)(HOST = n host name>)

(PORT = 1521)))(CONNECT_DATA =(SERVICE_NAME = )))

4) Make sure that the database link is created:

SQL> SELECT * FROM user_db_links;

Also you Can Check Database Domain :

SQL> SELECT name, valueFROM gv$parameter WHERE name IN (‘db_name’, ‘db_domain’);

sometimes you need to set database domain , refer to  Note 578668.1

Enjoy 

Osama Mustafa