how to secure password in db_links

[yxez]

Hi Davey & Friends

I have created a database links to other server but when
I select * from user_db_links i can see the user password.
Can it be hidden or decripted?


Thanks

[robertbalmer]

DBLINK_ENCRYPT_LOGIN specifies whether or not attempts to connect to other Oracle servers through database links should use encrypted passwords.

This should help

[hacketta1]

Create an account on the other database with the same username and password:

Code:

username@DEVLDB> create database link test using 'TESTDB';

Database link created.

username@DEVLDB> select sysdate from dual@test;

SYSDATE
---------
15-MAR-06

username@DEVLDB> select username, password from user_db_links where db_link = 'TEST';

USERNAME                       PASSWORD
------------------------------ ------------------------------


username@DEVLDB>

[marist89]

Create an account on the other database with the same username and password:

IMHO, that's the best way to do it. It forces you to be authenticated against the remote db. Sometimes it makes calling packages on the remote instance a little tricky, but nothing you can't get around.

[yxez]

Thanks friends,

I'm a lil' bit confused though...

Say if I have connect string in TNSNAMES.ORA which is ORA10G.

What i did before was:

sql> create database link ORA10G_LNK connect to scott identified by tiger using 'ORA10G';

Do u mean to encrypt password i can do it this way?

sql> create database link ORA10G_LNK using 'ORA10G';

How do I know which schema should i get the table from in case
they have the same table name?

Do i have to qualify it like this:

select * from scott.emp@ora10g_lnk;
select * from user1.emp@ora10g_lnk;


Thanks

[davey23uk]

it connects to the same schema as what you are in now

[bhas]

Create OPS$ user id on both the DBs and use this userid in DB link. So you need not to worry if password of this user is modified.

[davey23uk]

Create OPS$ user id on both the DBs and use this userid in DB link. So you need not to worry if password of this user is modified.

errrr no

[hacketta1]

I select * from user_db_links i can see the user password. Can it be hidden or decripted?

Do u mean to encrypt password i can do it this way?

The method I showed you hides the password. In 9iR2 onwards the default behaviour is encrypt all password exchanges. In other words, you control the appearance of a password in user_db_links via how you create the database link. In terms of how the password is sent across the network, it is encrypted by default in 9iR2. In lower versions use dblink_encrypt_login (you receive a warning if you set this in 9iR2+).