RE: DBLINKs in critical production system

• From: "Thotangare, Ajay \(GTI\)" <Ajay_Thotangare@xxxxxx>
• To: <JApplewhite@xxxxxxxxxxxxx>
• Date: Mon, 30 Apr 2007 12:07:13 -0400

Till 9i I see Sys.Link$ has clear text password but not in 10gR2. Can I
consider that security hole is patched in 10gR2?10gR1 I haven't checked.
( Leaving aside the performance hit problem)

 

  _____  

From: JApplewhite@xxxxxxxxxxxxx [mailto:JApplewhite@xxxxxxxxxxxxx] 
Sent: Monday, April 30, 2007 11:55 AM
To: Thotangare, Ajay (GTI)
Cc: oracle-l@xxxxxxxxxxxxx; oracle-l-bounce@xxxxxxxxxxxxx
Subject: Re: DBLINKs in critical production system

 


Ajay, 

Depends (as usual).  If the DB Links are FROM the Prod system TO others
and you're careful about which User you connect to on the other end,
then you're probably OK, though others might have issues.  You've got to
be very careful about DB Links from other databases TO Prod.  Those can
become "back doors" to get at your Prod data. 

Also, up through 9i the Password column in the Sys.Link$ table was in
plain text - not in my 10.2 database, though.  Anyone with Select Any
Dictionary priv could see the passwords.  Obviously, a gaping security
hole to make sure you plug. 

DB Links can also be a performance bottleneck if you're dragging lots of
data from other databases back to Prod across a LAN/WAN.  If the other
database(s) is(are) on the same server as Prod, then having the DB Links
use IPC greatly reduces the performance hit. 

DB Links can be useful, even in Prod, but require great care in
implementation, IMHO. 

Jack C. Applewhite - Database Administrator
Austin (Texas) Independent School District
512.414.9715 (wk)  /  512.935.5929 (pager)

Same-Day Stump Grinding!  Senior Discounts!
        -- Mike's Tree Service





"Thotangare, Ajay \(GTI\)" <Ajay_Thotangare@xxxxxx> 
Sent by: oracle-l-bounce@xxxxxxxxxxxxx 

04/30/2007 10:32 AM 

Please respond to
Ajay_Thotangare@xxxxxx

To

<oracle-l@xxxxxxxxxxxxx> 

cc

 

Subject

DBLINKs in critical production system

 

 

 




Hi Group, 

I have a question about dblink. I always hear that 

- dblinks are not good in production system. 

- dblink , ohh!! not in critical production system 

- dblink are not safe 

Can anybody please let me know the reason for such comments on dblinks. 

regards, 

Ajay
--------------------------------------------------------

If you are not an intended recipient of this e-mail, please notify the sender, 
delete it and do not read, act upon, print, disclose, copy, retain or 
redistribute it. Click here for important additional terms relating to this 
e-mail.     http://www.ml.com/email_terms/
--------------------------------------------------------

• » DBLINKs in critical production system
• » Re: DBLINKs in critical production system
• » RE: DBLINKs in critical production system
• » RE: DBLINKs in critical production system
• » Re: DBLINKs in critical production system
• » RE: DBLINKs in critical production system
• » RE: DBLINKs in critical production system
• » Re: DBLINKs in critical production system
• » Re: DBLINKs in critical production system
• » RE: DBLINKs in critical production system
• » Re: DBLINKs in critical production system
• » Re: DBLINKs in critical production system
• » RE: DBLINKs in critical production system
• » RE: DBLINKs in critical production system
• » RE: DBLINKs in critical production system
• » Re: DBLINKs in critical production system
• » Re: DBLINKs in critical production system

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription