Pau Lo
asked on
DBA_DB_LINKS internal or external
if our database has an entry to another database in DBA_DB_LINKS , does that mean an account in our database can access this remote database (i.e. extract data from or insert data into), or that this remote database can access/insert data into our database?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The account information is stored as part of the link. That should be in DBA_DB_LINKS. As far as what they are doing, I believe the only way to determine that is by turning on auditing. To the database that is being connected to, it looks just like any other connection.
ASKER
im a little lost (happens easily), but in dba_db_links I should see both inbound and outbound links,
i.e. our db has access to remote database XYZ
and vice versa,
i..e external DB can access our DB using account XYZ
does this view contain credentials as well, i.e. if our db can access external db, persumably there is a password involved (for an account in their db), so where is that stored?
i.e. our db has access to remote database XYZ
and vice versa,
i..e external DB can access our DB using account XYZ
does this view contain credentials as well, i.e. if our db can access external db, persumably there is a password involved (for an account in their db), so where is that stored?
DBA_DB_LINKS is outbound links only. There are no inbound links in DBA_DB_LINKS. Really a database link is just a holder for a connection string that tells Oracle how to get to the database on the other side of the link. There is no need for inbound links, they just come through as a normal connection.
If you look at the HOST and USER columns in DBA_DB_LINKS, that is the connect information for the outbound link. HOST refers to the tnsnames entry that points to the database and USER is the user that is connected to.
In your example, external DB can access our DB using account XYZ, the database link for this would be in the external database and there is no link in the local database to support this. Access is controlled through the XYZ account that is in the local database. The link has the same privileges as the user XYZ in the local database. If there is no link in the external database, then there cannot be a connection made through a link to the local database.
If you look at the HOST and USER columns in DBA_DB_LINKS, that is the connect information for the outbound link. HOST refers to the tnsnames entry that points to the database and USER is the user that is connected to.
In your example, external DB can access our DB using account XYZ, the database link for this would be in the external database and there is no link in the local database to support this. Access is controlled through the XYZ account that is in the local database. The link has the same privileges as the user XYZ in the local database. If there is no link in the external database, then there cannot be a connection made through a link to the local database.
ASKER
ok thanks, but theres no obvious way within your database to determine which external databases are accessing your database (i.e. updating, extracting or inserting) via a link?
If a database link was still open, you could identify the session in V$SESSION by looking at the MACHINE column. But there is no way to distinguish a link for a standard session that I know of. As for what the session is doing, some form of auditing would be the only way that you could find that out.
Again, what can be done through the link is controlled by the privileges of the user that is being connected to. If they are connecting to XYZ user and that user doesn't have privileges to update, then you cannot update over the link.
Again, what can be done through the link is controlled by the privileges of the user that is being connected to. If they are connecting to XYZ user and that user doesn't have privileges to update, then you cannot update over the link.
ASKER