Solved

Secure Oracle Database link method

Posted on 2008-06-17
1
566 Views
Last Modified: 2013-12-19
I need the syntax for a Oracle Database link that offers the best security if a user needs to link to our database. We would like to be able to control the passwords and the user of the link shouldn't know the passwords of the link or  be able to get into our remote system if they ever got into our building and had access to our PC's
0
Comment
Question by:7Souls
1 Comment
 
LVL 73

Accepted Solution

by:
sdstuber earned 500 total points
Comment Utility
it's not so much the link itself then as the user that will log into the database to use the link.
If they user can read sys.link$ then he/she can read the passwords.


Similarly, if the account on the remote system has extra privileges then don't let the user use that link at all.


the best way I know of is to create an unauthenticated link.


CREATE DATABASE LINK my_link  USING 'mydatabase';

this creates a private link, so it's only usable to the owner if the user you're interested in isn't the owner, then he/she can't use it.

if you want them to use it, then create it public, or create it under that user's schema.


With a database link like that,  you see it has no user or password.  In that case.  when you use the link  the current users' username and password are sent to the remote system.  So  the user logs in as themself and only as themself.   So they have only the permissions they have if they were to log in to the remote system directly.  If that's no permissions at all, then the link won't work for them.






0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

Article by: Swadhin
From the Oracle SQL Reference (http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/queries006.htm) we are told that a join is a query that combines rows from two or more tables, views, or materialized views. This article provides a glimps…
Truncate is a DDL Command where as Delete is a DML Command. Both will delete data from table, but what is the difference between these below statements truncate table <table_name> ?? delete from <table_name> ?? The first command cannot be …
This video shows how to copy a database user from one database to another user DBMS_METADATA.  It also shows how to copy a user's permissions and discusses password hash differences between Oracle 10g and 11g.
This video shows setup options and the basic steps and syntax for duplicating (cloning) a database from one instance to another. Examples are given for duplicating to the same machine and to different machines

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now