0

I'm trying to think of security problems using private/public dblinks.

You can see what I'm talking about in the picture below

image

So, as shown in the picture (right option is public and left one is private) which one do you think is safe?

brasofilo
  • 25,496
  • 15
  • 91
  • 179
Sirotoshi pizdetz
  • 234
  • 2
  • 8
  • i'm not sure i understand the question. private dblink is one only the schema can access. public dblink is a private dblink with a global synonym. which one is safer ? probably the privet one. is that what you ment ? – haki Apr 24 '13 at 17:33

1 Answers1

3

I would suggest using private database links and create views for the tables you need to access over a database link.

So, if you have a database db1 with users user1db1, user2db1 and user3db1 that need to access table1 in another database db2, do like this:

  1. create a user linksdb1.
  2. Let that user own a private db link to db2.
  3. Create a view linksdb1.table1 for table1@db2
  4. grant user1db1, user2db1 and user3db1 rights to the view.

There are two reasons for this:

  • Security. By doing this you have full control over which users are allowed to access the table over the database link, because they need access to the view.
  • Maintainability. You don't need to include the dblink in the SQL, from user1db1's point of view he is accessing a table named linksdb1.table1, instead of table1@db2. This way, if you move the table to yet another database, db3, you only need to change the view, not all the SQLs.
GTG
  • 4,914
  • 2
  • 23
  • 27