Security: EAL4 and Database Links

comp.databases.oracle.server

#1
bernard (bernard_at_bosvark.com)
 
Security: EAL4 and Database Links - 05-23-2007, 11:28 AM

In my quest to comply with EAL4 evaluations I came across the following
in the Oracle Documentation and got confused. I hope that someone
might understand this better than me:

Quote:
[DB.AC-6] Each database link must be defined such that users who refer to the link are connected to an identically named normal user account in the secondary or remote database, that is the database link must be defined without reference to a single normal user account to which all users referencing the link would otherwise be connected.

Does this mean one should only use CURRENT_USER Database Links as
described in Metalink Note:264872.1? Or does it mean something else?

I appreciate your help.



#2
sybrandb@hccnet.nl
 
Re: Security: EAL4 and Database Links - 05-23-2007, 12:24 PM

This means the database link needs to be set up as
create database link foo using 'bar';
instead of
create database link foo connect to scott identified by tiger using 'bar';

Guess this text comes from one of their lawyers.

--
Sybrand Bakker
Senior Oracle DBA


#3
bernard (bernard_at_bosvark.com)
 
Re: Security: EAL4 and Database Links - 05-24-2007, 04:45 AM

Thank you Sybrand, now I can move forward. Apparently, when using the
"identified by" phrase when creating a dblink, the password is stored
in clear text. I'm trying to verify that, but my workstation's hard
drive is playing up. Will post result.

Regards
Bernard



#4
Frank van Bortel
 
Re: Security: EAL4 and Database Links - 05-26-2007, 08:41 AM

Select from link$

--
Regards,
Frank van Bortel

Top-posting is one way to shut me up...


#5
Maxim Demenko
 
Re: Security: EAL4 and Database Links - 05-26-2007, 09:12 AM

In recent Oracle versions this is no longer the case - the password won't be
stored in plain text.

Best regards

Maxim


#6
Frank van Bortel
 
Re: Security: EAL4 and Database Links - 05-26-2007, 02:35 PM


Maxim Demenko wrote:
Quote:
Frank van Bortel wrote:
Select from link$

In recent Oracle versions this is no longer the case - the password won't be
stored in plain text.

Best regards

Maxim

Correct; and it is just as easy to have them sent over
the communication lines encrypted.
--
Regards,
Frank van Bortel

Top-posting is one way to shut me up...
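
Added example, not part of the original thread: one way to check an existing database against DB.AC-6 is to classify each link by the remote account it uses and, following Frank's pointer to link$, see whether a password sits in the dictionary. It assumes a DBA account that can read DBA_DB_LINKS, SYS.LINK$ and SYS.USER$, and it reuses the sample names foo and 'bar' from Sybrand's post.

```sql
-- 1. Classify every link by the remote account it connects to.
--    USERNAME is NULL for a connected-user link (Sybrand's first form);
--    a fixed-user link (his second form) shows the named account.
--    Current-user links are expected to show 'CURRENT_USER' here; if they
--    show NULL instead they are still not reported as fixed-user.
--    Rows reported as FIXED USER are the ones that conflict with DB.AC-6,
--    because everyone who references the link lands in that one account.
SELECT owner,
       db_link,
       host,
       CASE
         WHEN username IS NULL          THEN 'CONNECTED USER'
         WHEN username = 'CURRENT_USER' THEN 'CURRENT USER'
         ELSE 'FIXED USER: ' || username
       END AS link_type
FROM   dba_db_links
ORDER  BY owner, db_link;

-- 2. Is a password stored readably in the dictionary? Report only whether
--    the PASSWORD column is populated, never its value. Per Maxim's post,
--    recent versions should answer NO for every row.
SELECT u.name   AS owner,
       l.name   AS db_link,
       l.userid AS remote_account,
       CASE WHEN l.password IS NOT NULL THEN 'YES' ELSE 'NO' END
                AS password_column_populated
FROM   sys.link$ l
JOIN   sys.user$ u ON u.user# = l.owner#
ORDER  BY u.name, l.name;

-- 3. Replace a fixed-user link with a connected-user link.
--    Run as the link owner; foo and 'bar' are the thread's sample names.
DROP DATABASE LINK foo;
CREATE DATABASE LINK foo USING 'bar';
```

After step 3, each user who references foo needs an identically named account on the remote database, which is what DB.AC-6 asks for.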