Prior 10g, password for DB link stores in DB with clear text, it has been changed since 10g.
Oracle 9i
@>show user
USER is “TEST”
@>create database link l_test connect to test identified by test using ‘test’;
Database link created.
@>select dbms_metadata.get_ddl(’DB_LINK’,’L_TEST’,user) from dual;
DBMS_METADATA.GET_DDL(’DB_LINK’,’L_TEST’,USER)
——————————————————————————–
CREATE DATABASE LINK “L_TEST”
CONNECT TO “TEST” IDENTIFIED BY “TEST“
USING ‘test’
@>conn /as sysdba
Connected.
@>select NAME,USERID,PASSWORD from link$;
NAME USERID PASSWORD
—————————— —————————— ——————————
L_TEST TEST TEST
10g
test@TEST>show user
USER is “TEST”
test@TEST>create database link l_chen connect to test identified by test using ‘chen’;
Database link created.
test@TEST>select DB_LINK,USERNAME from user_db_links;
DB_LINK USERNAME
————————————————– ——————————
L_CHEN.REGRESS.RDBMS.DEV.US.ORACLE.COM TEST
test@TEST>select dbms_metadata.get_ddl(’DB_LINK’,’L_CHEN.REGRESS.RDBMS.DEV.US.ORACLE.COM’,user) from dual;
DBMS_METADATA.GET_DDL(’DB_LINK’,’L_CHEN.REGRESS.RDBMS.DEV.US.ORACLE.COM’,USER)
——————————————————————————–
CREATE DATABASE LINK “L_CHEN.REGRESS.RDBMS.DEV.US.ORACLE.COM”
CONNECT TO “TEST” IDENTIFIED BY VALUES ‘05C9398288555E95E498B33A68083EDD2E’
USING ‘chen’
test@TEST>conn /as sysdba
Connected.
sys@TEST>select NAME,USERID,PASSWORD,PASSWORDX from link$;
NAME USERID PASSWORD PASSWORDX
—————————————- ———- ———- —————————————-
L_CHEN.REGRESS.RDBMS.DEV.US.ORACLE.COM TEST 05C9398288555E95E498B33A68083EDD2E
The DBLINK_ENCRYPT_LOGIN initialization parameter is used for connections between two Oracle servers (for example, when performing distributed queries).
Whenever you attempt to connect to a server using a password, Oracle encrypts the password before sending it to the server. If the connection fails and auditing is enabled, the failure is noted in the audit log. Oracle then checks the appropriate DBLINK_ENCRYPT_LOGIN. If it set to FALSE, Oracle attempts the connection again using an unencrypted version of the password. If the connection is successful, the connection replaces the previous failure in the audit log, and the connection proceeds. To prevent malicious users from forcing Oracle to re-attempt a connection with an unencrypted version of the password, you must set the appropriate values to TRUE.
Very nice post, keep it up buddy.
cheers
Mehmood
Comment by Mehmood — May 1, 2009 @ 11:55 am |