Monday, December 30, 2013

How to create dblink using encrypted password (identified by values)

1. Often there are situations where one needs create database link but doesn't know destination schema password, only name of schema is known. The password (identified by values 'long_string_of_values') can be selected from the output (on destination database) using command

SQL> select dbms_metadata.get_ddl ('USER',username) from dual ;

'identified by values' part of the output can be used in create database link statement, an also for create another user with the same password.

This works only with versions of Oracle Database till 11.2.0.4 in cases of creating/duplicating database links, but this 'technique' can be used to prolong expired schema passwords on databases 11.2.0.4 and newer.

2. Another 'solution' working only with versions of Oracle Database till 11.2.0.4, can be used to obtain password string from existing database link.

There is a view called KU$_DBLINK_VIEW. In column PASSWORDX it contains encrypted dblink-like password (not like in USER$). That string can be used as password in clause identified by values of CREATE DATABASE LINK command:

SQL> create database link link_name connect to username identified by values 'PASSWORDX' using 'connect_string' ;

3. From 11.2.0.4 and further, there are two possible options :
- using plane passwords in db_link statement ("identified by ", not by "identified by values ...") ;
- using expdp/impdp solution for duplicating database link. The passwords are kept as its were, but renaming of database link is not supported (there are no remap_dblink parameter for impdp). It is possible to solve it by unsupported way - modify name in link$ system table with flushing of shared pool aftermath.

PS. In Oracle9i the passwords of database links' destination schemas were kept in plane text in link$ dictionary table and in ku$_dblink_view also.

Good Luck !!!

No comments:

Post a Comment