Re: Regarding Oracle SCN Issue/Infoworld article

From: Marcin Przepiorowski <pioro1_at_gmail.com>
Date: Fri, 20 Jan 2012 15:38:37 +0000
Message-ID: <CAGdek=xyxjXRA1=aNQDvEhQdiubvgz=me5pbWS7GEa76OzYuQA_at_mail.gmail.com>

On Fri, Jan 20, 2012 at 1:21 PM, Taylor, Chris David <ChrisDavid.Taylor_at_ingrambarge.com> wrote:
> Marcin � are you saying that you confirmed a local created copy of an oracle
> database could generate the SCN problem on a remote database?

Yes
>
> A coworker asked me about this same scenario:
>
> - Malicious user creates a local Oracle database (say, XE) and connects it
> to a remote corporate database via database link
> - User then artificially raises the SCN in his local database and connects
> to the remote, corporate database

That was my case - XE database 11.2.0.2 with SCN number pushed very high and database link to other
11.2.0.2 database. User used for db link had a create session plus schema privileges.
> - User creates a transaction to the remote database

You don't need to start a transaction I just did

select * from dual_at_dblink

and SCN on remote DB has been updated using SCN from my XE DB.

>
> In *theory* the remote Oracle database should REJECT this transaction
> because the SCN number is now too high and return an error back to the
> remote database.

It didn't happen - SCN had been updated.

-- 
Marcin Przepiorowski
http://oracleprof.blogspot.com
--
http://www.freelists.org/webpage/oracle-l

Received on Fri Jan 20 2012 - 09:38:37 CST

This message: [ Message body ]
Next message: Allen, Brandon: "RE: infoworld call"
Previous message: Denis: "active session waiting for SQL*Net more data from client for very long time"
In reply to: Taylor, Chris David: "Regarding Oracle SCN Issue/Infoworld article"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message