But did you ask your self before about the impact of using Oracle Database link ? and how to secure my database link ?
One Of Common Issue that you need to be aware of is Privileges , When you create database link most of users use DBA Role which mean user will able to do anything he want in database,which mean
who gains access to a database link can execute queries with the privileges of the DBLINK account to avoid this try to create user with less Privileges he needs.
Another issue in 10g When you create database link check the below :
CREATE DATABASE LINK “TEST_LINK” CONNECT TO “Test” IDENTIFIED BY Test ;
Database link created.
After that check the below table :
SQL> select name, userid, passwordx from sys.link$ where name=’TEST_LINK.REGRESS.RDBMS.DEV.US.ORACLE.COM’;
NAME USERID PASSWORDX
——————————————————————————–
TEST_LINK.REGRESS.RDBMS.DEV.US.ORACLE.COM OSAMA 05CB53401E442441B428B900A97DE31A10
as you see the password is saved as hash, and can be decrypt .
But what if :
SQL> SELECT DBMS_METADATA.GET_DDL(‘DB_LINK’,’TEST_LINK.REGRESS.RDBMS.DEV.US.ORACLE.COM’) from dual ;
Check the output below :
CREATE DATABASE LINK “TEST_LINK”
CONNECT TO “Osama” IDENTIFIED BY VALUES ‘05CB53401E442441B428B900A97DE31A10‘
another security Issue of using Database link.
Imagine what could be happened next.
Thank you
Osama Mustafa