Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
RE: DBLINKs in critical production system
Till 9i I see Sys.Link$ has a clear-text password, but not in 10gR2. Can I
consider that the security hole is patched in 10gR2? 10gR1 I haven't checked.
(Leaving aside the performance hit problem.)
From: JApplewhite_at_austinisd.org [mailto:JApplewhite_at_austinisd.org]
Sent: Monday, April 30, 2007 11:55 AM
To: Thotangare, Ajay (GTI)
Cc: oracle-l_at_freelists.org; oracle-l-bounce_at_freelists.org
Subject: Re: DBLINKs in critical production system
Ajay,
Depends (as usual). If the DB Links are FROM the Prod system TO others and you're careful about which User you connect to on the other end, then you're probably OK, though others might have issues. You've got to be very careful about DB Links from other databases TO Prod. Those can become "back doors" to get at your Prod data.
Also, up through 9i the Password column in the Sys.Link$ table was in plain text - not in my 10.2 database, though. Anyone with Select Any Dictionary priv could see the passwords. Obviously, a gaping security hole to make sure you plug.
DB Links can also be a performance bottleneck if you're dragging lots of data from other databases back to Prod across a LAN/WAN. If the other database(s) is(are) on the same server as Prod, then having the DB Links use IPC greatly reduces the performance hit.
DB Links can be useful, even in Prod, but require great care in implementation, IMHO.
Jack C. Applewhite - Database Administrator Austin (Texas) Independent School District 512.414.9715 (wk) / 512.935.5929 (pager)
Same-Day Stump Grinding! Senior Discounts!
"Thotangare, Ajay (GTI)" <Ajay_Thotangare_at_ml.com>
Sent by: oracle-l-bounce_at_freelists.org
04/30/2007 10:32 AM
Please respond to: Ajay_Thotangare_at_ml.com
To: <oracle-l_at_freelists.org>
cc:
Subject: DBLINKs in critical production system
Hi Group,
I have a question about dblink. I always hear that
Can anybody please let me know the reason for such comments on dblinks.
regards,
Ajay
-- http://www.freelists.org/webpage/oracle-l
Received on Mon Apr 30 2007 - 11:07:13 CDT
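The thread names two exposures: who can read Sys.Link$ through Select Any Dictionary, and which accounts the links connect as. The audit below is an added example, not code from any participant in the thread; it assumes a DBA session and the standard DBA_SYS_PRIVS, DBA_ROLE_PRIVS, DBA_TAB_PRIVS and DBA_DB_LINKS dictionary views.

```sql
-- Added example: audit exposure of database-link credentials.
-- Assumption: run from a DBA-privileged session.

-- 1. Who holds SELECT ANY DICTIONARY, directly or through a chain of roles.
SELECT grantee, 'direct' AS how
FROM   dba_sys_privs
WHERE  privilege = 'SELECT ANY DICTIONARY'
UNION
SELECT grantee, 'via role' AS how
FROM   dba_role_privs
START  WITH granted_role IN (SELECT grantee
                             FROM   dba_sys_privs
                             WHERE  privilege = 'SELECT ANY DICTIONARY')
CONNECT BY PRIOR grantee = granted_role
ORDER  BY 1;

-- 2. Direct object grants on SYS.LINK$ itself.
SELECT grantee, privilege, grantable
FROM   dba_tab_privs
WHERE  owner = 'SYS'
AND    table_name = 'LINK$'
ORDER  BY grantee;

-- 3. Inventory of links defined here and the remote account each connects as.
--    Review whether each remote USERNAME has more privilege than the link needs.
SELECT owner, db_link, username, host, created
FROM   dba_db_links
ORDER  BY owner, db_link;

-- 4. Count link rows whose PASSWORD column is populated, without displaying
--    the values. Per the thread, this column held plain text through 9i.
SELECT COUNT(*) AS links_with_password_set
FROM   sys.link$
WHERE  password IS NOT NULL;
```

Run the first three queries on the other databases as well, since the thread's "back door" concern is about links defined elsewhere that point TO Prod.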