Re: Regarding Oracle SCN Issue/Infoworld article

On Fri, Jan 20, 2012 at 1:21 PM, Taylor, Chris David
<ChrisDavid.Taylor@xxxxxxxxxxxxxxx> wrote:
> Marcin – are you saying that you confirmed a local created copy of an oracle
> database could generate the SCN problem on a remote database?

Yes
>
> A coworker asked me about this same scenario:
>
> - Malicious user creates a local Oracle database (say, XE) and connects it
> to a remote corporate database via database link
> - User then artificially raises the SCN in his local database and connects
> to the remote, corporate database


That was my case - XE database 11.2.0.2 with SCN number pushed very
high and database link to other
11.2.0.2 database. User used for db link had a create session plus
schema privileges.
> - User creates a transaction to the remote database

You don't need to start a transaction I just did

select * from dual@dblink

and SCN on remote DB has been updated using SCN from my XE DB.

>
> In *theory* the remote Oracle database should REJECT this transaction
> because the SCN number is now too high and return an error back to the
> remote database.

It didn't happen - SCN had been updated.

-- 
Marcin Przepiorowski
http://oracleprof.blogspot.com
--
http://www.freelists.org/webpage/oracle-l


Other related posts: