Yaping's Weblog

September 2, 2008

DB Link

Filed under: Oracle — Yaping @ 2:26 am
Tags:

Prior 10g, password for DB link stores in DB with clear text, it has been changed since 10g.

Oracle 9i
@>show user
USER is “TEST”
@>create database link l_test connect to test identified by test using ‘test’;
Database link created.
@>select dbms_metadata.get_ddl(’DB_LINK’,’L_TEST’,user) from dual;
DBMS_METADATA.GET_DDL(’DB_LINK’,’L_TEST’,USER)
——————————————————————————–
  CREATE DATABASE LINK “L_TEST”
   CONNECT TO “TEST” IDENTIFIED BY “TEST“
   USING ‘test’

@>conn /as sysdba
Connected.
@>select NAME,USERID,PASSWORD from link$;
NAME                           USERID                         PASSWORD
—————————— —————————— ——————————
L_TEST                         TEST                           TEST

 
10g
test@TEST>show user
USER is “TEST”
test@TEST>create database link l_chen connect to test identified by test using ‘chen’;
Database link created.
test@TEST>select DB_LINK,USERNAME from user_db_links;
DB_LINK                                            USERNAME
————————————————– ——————————
L_CHEN.REGRESS.RDBMS.DEV.US.ORACLE.COM             TEST
test@TEST>select dbms_metadata.get_ddl(’DB_LINK’,’L_CHEN.REGRESS.RDBMS.DEV.US.ORACLE.COM’,user) from dual;
DBMS_METADATA.GET_DDL(’DB_LINK’,’L_CHEN.REGRESS.RDBMS.DEV.US.ORACLE.COM’,USER)
——————————————————————————–
  CREATE DATABASE LINK “L_CHEN.REGRESS.RDBMS.DEV.US.ORACLE.COM”
   CONNECT TO “TEST” IDENTIFIED BY VALUES ‘05C9398288555E95E498B33A68083EDD2E’
   USING ‘chen’

test@TEST>conn /as sysdba
Connected.
sys@TEST>select NAME,USERID,PASSWORD,PASSWORDX from link$;
NAME                                     USERID     PASSWORD   PASSWORDX
—————————————- ———- ———- —————————————-
L_CHEN.REGRESS.RDBMS.DEV.US.ORACLE.COM   TEST                  05C9398288555E95E498B33A68083EDD2E

 
The DBLINK_ENCRYPT_LOGIN initialization parameter is used for connections between two Oracle servers (for example, when performing distributed queries).
Whenever you attempt to connect to a server using a password, Oracle encrypts the password before sending it to the server. If the connection fails and auditing is enabled, the failure is noted in the audit log. Oracle then checks the appropriate DBLINK_ENCRYPT_LOGIN. If it set to FALSE, Oracle attempts the connection again using an unencrypted version of the password. If the connection is successful, the connection replaces the previous failure in the audit log, and the connection proceeds. To prevent malicious users from forcing Oracle to re-attempt a connection with an unencrypted version of the password, you must set the appropriate values to TRUE.

Advertisements

1 Comment »

  1. Very nice post, keep it up buddy.

    cheers
    Mehmood

    Comment by Mehmood — May 1, 2009 @ 11:55 am | Reply


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: