Tuesday, December 19, 2006

SYS.Link$ stores password!

SYS.Link$ stores password!

Version 10.1.0.2 (tested on 9i version also)
OS Windows (tested on Unix versions also)

Let’s create a DB link:

SQL> connect / as sysdba – you may connect as different user also
Connected.

SQL> create public database link test connect to sac identified by arora using
2 'sac';

Database link created.

SQL> desc sys.link$ -- you need to be SYS user to select from this table
Name Null? Type
----------------------------------------- -------- ----------------------------
OWNER# NOT NULL NUMBER
NAME NOT NULL VARCHAR2(128)
CTIME NOT NULL DATE
HOST VARCHAR2(2000)
USERID VARCHAR2(30)
PASSWORD VARCHAR2(30)
FLAG NUMBER
AUTHUSR VARCHAR2(30)
AUTHPWD VARCHAR2(30)


SQL> select name,userid,password from link$ where name='TEST';

NAME USERID PASSWORD
------------------------------ ---------- ------------------------------
TEST SAC ARORA

Here you go. The password for SAC user is stored without encryption. This makes me feel jittery about creating db links.

2 comments:

vaibhav said...

Hi Sachin,

No need to feel jittery in Oracle Database 10g R2.


SQL> select * from v$version;
BANNER
----------------------------------------------------------------
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod
PL/SQL Release 10.2.0.1.0 - Production
CORE 10.2.0.1.0 Production
TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
NLSRTL Version 10.2.0.1.0 - Production

SQL> create database link ora10gr2db1 connect to scott identified by tiger using 'ora10gr2db1';
Database link created.

SQL> select userid,nvl(password,'unknown'),passwordx from sys.link$ where name='ORA10GR2DB1';

SCOTT unknown
05C3927784FDCD5589D74B88E1E1D4D777

Regards,
Vaibhav

Sachin said...

Hi vaibhav,

Good you pointed of this new change in rel2. I tested the above in 10g rel1 and in 9i versions.

Sachin