RE: Select any dictionary role
Hi,
The access to LINK$ was revoked from the select any dictionary role as part of patch 3121872 which can be applied on top of Oracle 9.2.0.2 & above and is no longer an issue in 10G.
Also the password for a dblink is no longer visible in clear text in 10Gr2.
Regards,
Fairlie
Jacques Kilchoer <Jacques.Kilchoer_at_quest.com> wrote:

I think it was Mr. Finnigan that pointed out on this list once that if you create a database link like this:

create database link MY_LINK connect to SOME_USER identified by SOME_USER_PASSWORD using 'tns_alias' ;

Then a user with 'SELECT ANY DICTIONARY' would be able to see the password in clear text with this query:

select * from sys.link$ ;

From an Oracle 9.2 database

SQL> create database link X.Y.Z
  2  connect to SOME_USER identified by SOME_USER_PASSWORD
  3  using 'tns_alias' ;

Lien de base de données créé.

SQL> select userid, password from sys.link$ where name = 'X.Y.Z' ;

USERID                         PASSWORD
------------------------------ ------------------------------
SOME_USER                      SOME_USER_PASSWORD
Just wanted to get your thoughts ... is there any "danger" to granting developers the SELECT ANY DICTIONARY role in the database? (IMHO, they don't particularly need such "open" access, however tools such as OEM require it for login apparently).
--
http://www.freelists.org/webpage/oracle-l

Fairlie Rego
Senior Oracle Consultant
Optus Telecommunications
www.optus.com.au
Mobile: +61 4 02 792 405
Home: +61 2 8920 0273

When I read about the evils of drinking, I gave up reading.

Received on Mon Oct 17 2005 - 18:15:00 CDT
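An audit a DBA could run for the exposure discussed in this thread, as an added example that is not part of the original messages: it lists who holds SELECT ANY DICTIONARY directly or through roles, any direct grants on SYS.LINK$, and the database links created with stored connection credentials. It uses the standard DBA_SYS_PRIVS, DBA_ROLE_PRIVS, DBA_TAB_PRIVS and DBA_DB_LINKS views and assumes the session is allowed to query them.

```sql
-- Added audit example; run as a DBA on the database being reviewed.
-- None of these queries read password data.

-- 1. Who holds SELECT ANY DICTIONARY, directly or through a chain of roles.
--    The 'direct grant' rows may themselves be roles (for example DBA);
--    the hierarchical branch walks DBA_ROLE_PRIVS down to every grantee
--    that inherits the privilege from such a role.
SELECT grantee, 'direct grant' AS held_via
FROM   dba_sys_privs
WHERE  privilege = 'SELECT ANY DICTIONARY'
UNION
SELECT grantee, 'role chain' AS held_via
FROM   dba_role_privs
START WITH granted_role IN (SELECT grantee
                            FROM   dba_sys_privs
                            WHERE  privilege = 'SELECT ANY DICTIONARY')
CONNECT BY PRIOR grantee = granted_role
ORDER BY 1, 2;

-- 2. Object grants made directly on SYS.LINK$. These give access to the
--    table regardless of what the system privilege covers, so they
--    remain after the access is revoked from SELECT ANY DICTIONARY.
SELECT grantee, privilege, grantable
FROM   dba_tab_privs
WHERE  owner = 'SYS'
AND    table_name = 'LINK$'
ORDER BY grantee, privilege;

-- 3. Database links created with CONNECT TO (USERNAME is populated).
--    These are the links whose remote credentials are stored in LINK$
--    and whose remote passwords are worth rotating if exposure is suspected.
SELECT owner, db_link, username, host, created
FROM   dba_db_links
WHERE  username IS NOT NULL
ORDER BY owner, db_link;
```

Any grantee returned by query 1 or 2 on an unpatched 9.2 database could have read the credentials of every link returned by query 3.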