RE: Select any dictionary role
- From: "Jacques Kilchoer" <Jacques.Kilchoer@xxxxxxxxx>
- To: <fred_fred_1@xxxxxxxxxxx>, <oracle-l@xxxxxxxxxxxxx>
- Date: Mon, 17 Oct 2005 14:50:32 -0700
I think it was Mr. Finnigan that pointed out on this list once that if you
create a database link like this:
create database link MY_LINK connect to SOME_USER identified by
SOME_USER_PASSWORD using 'tns_alias' ;
Then a user with 'SELECT ANY DICTIONARY' would be able to see the password in
clear text with this query:
select * from sys.link$ ;
From an Oracle 9.2 database
SQL> create database link X.Y.Z
2 connect to SOME_USER identified by SOME_USER_PASSWORD
3 using 'tns_alias' ;
Lien de base de données créé.
SQL> select userid, password from sys.link$ where name = 'X.Y.Z' ;
USERID PASSWORD
------------------------------ ------------------------------
SOME_USER SOME_USER_PASSWORD
SQL>
-----Message d'origine-----
De : oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] De la
part de Fred Smith
Just wanted to get your thoughts ... is there any "danger" to granting
developers the SELECT ANY DICTIONARY role in the database? (IMHO, they don't
particulary need such "open" access, however tools such as OEM require it
for login apparently).
--
//www.freelists.org/webpage/oracle-l
Other related posts:
