Re: Some idea for the security hole in database links

• From: D'Hooge Freek <Freek.DHooge@xxxxxxxxx>
• To: "jcdrpllist@xxxxxxxxx" <jcdrpllist@xxxxxxxxx>
• Date: Thu, 16 Jan 2014 08:07:08 +0000

Hi,

One way to reduce the risk is to not have the database link connect to the 
schema owning the objects you are trying to reach, but instead connect it to a 
separate schema that only gets the privileges required to access that required 
object(s).

For the password enabled roles, is this not something that should be done on 
the db link "start point".
eg to protect the views (or packages) in which 
"table@db_link<mailto:table@db_link>" is used?


kind regards,

--
Freek D'Hooge
Uptime
Oracle Database Administrator
email: freek.dhooge@xxxxxxxxx<mailto:freek.dhooge@xxxxxxxxx>
tel +32(03) 451 23 82
http://www.uptime.be





On wo, 2014-01-15 at 17:02 -0400, Juan Carlos Reyes Pacheco wrote:
Hello,
I think you know If you use database links once you connect the user, you have 
all the privileges the link has.
Even if you reduce to the minimum  the privileges the user you use to connect 
the database links, that privileges are enabled from the beggining.


You don't have something like enable role with password in users.


I don't know if some one please knows how to avoid the security problem, I 
supposed Oracle was going to do something but I don't see he's planning to 
create a solution to make secure the database links.
The only solution I had seen is not to use database links.


Thank you

• References:
  • Some idea for the security hole in database links
    • From: Juan Carlos Reyes Pacheco

Other related posts:

• » Some idea for the security hole in database links- Juan Carlos Reyes Pacheco
• » Re: Some idea for the security hole in database links - D'Hooge Freek

1. Home
2. oracle-l
3. Archive
4. 01-2014

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---