   Pete Finnigan's Oracle Security Forum
robotto Newbie
« on: Jun 23rd, 2010, 11:17am »

Hi, am I correct in stating that although$ pre Oracle10g is available only to sys, not all DBAs should have access to passwords of fixed database links, therefore there is a security risk?
Pete Finnigan Administrator
« Reply #1 on: Jun 28th, 2010, 9:41am »

Yes you are correct. There are a number of more subtle issues here. The first is that a lot of sites by default allow DBAs access to SYS and SYSTEM, and of course SYS can view this table and see passwords pre 10g and decrypt them post 10gR2. The more subtle issue is that in designing your DBA roles you must take care to not effectively make another SYS or allow easy access to SYS.
Also in this case you must review existing links and why they exist. There should be no PUBLIC links. Also remember that a fixed link with a password is better in one sense, in that if you choose to use a concurrent or connected user link you are effectively saying it's OK to set the same password in multiple databases. My view is separate passwords, links ONLY if you absolutely need them, they must be private and only SYSDBA should be able to read LINK$.
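The review recommended in the reply above, sketched as audit queries. This is an added example, not part of either forum post; it assumes an account that can read the standard dictionary views DBA_DB_LINKS, DBA_TAB_PRIVS and DBA_DEPENDENCIES, and none of these views returns link passwords.

```sql
-- 1. PUBLIC links: the reply says there should be none, so any row is a finding.
SELECT db_link, username, host, created
FROM   dba_db_links
WHERE  owner = 'PUBLIC'
ORDER  BY db_link;

-- 2. Inventory of every link, classified by how it authenticates, so each one
--    can be reviewed for why it exists. DBA_DB_LINKS reports a NULL username
--    for connected user links and 'CURRENT_USER' for current user links.
SELECT owner,
       db_link,
       host,
       created,
       CASE
         WHEN username IS NULL          THEN 'CONNECTED USER'
         WHEN username = 'CURRENT_USER' THEN 'CURRENT USER'
         ELSE 'FIXED USER (' || username || ')'
       END AS link_type
FROM   dba_db_links
ORDER  BY owner, db_link;

-- 3. Direct object grants on SYS.LINK$: the reply says only SYSDBA should be
--    able to read it, so any grantee listed here needs justifying.
SELECT grantee, privilege, grantable
FROM   dba_tab_privs
WHERE  owner = 'SYS'
AND    table_name = 'LINK$'
ORDER  BY grantee;

-- 4. Indirect paths: objects built on SYS.LINK$ and who holds privileges on
--    them. Dictionary views such as DBA_DB_LINKS will appear here; look for
--    unexpected owners, locally created views, or unexpected grantees.
SELECT d.owner, d.name, d.type, p.grantee, p.privilege
FROM   dba_dependencies d
LEFT   JOIN dba_tab_privs p
       ON  p.owner = d.owner
       AND p.table_name = d.name
WHERE  d.referenced_owner = 'SYS'
AND    d.referenced_name  = 'LINK$'
AND    d.referenced_type  = 'TABLE'
ORDER  BY d.owner, d.name, p.grantee;
```

Object grants are only part of the picture: accounts that can connect as SYS or AS SYSDBA, which the reply notes many sites allow for DBAs by default, can read LINK$ regardless of what queries 3 and 4 return.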