How to pretend to be a process from the local server?
Markus, February 16, 2018 - 8:57 am UTC
<Quote>
This potentially allows an attacker to pretend to be a process from the local server.
</Quote>
Sorry. I didn't get it. What does that mean exactly? How should that work?
February 16, 2018 - 11:36 am UTC
The connection on the remote database expects many connections from different processes on the local db.
I'm a hacker. I create a program that pretends to be the local database with the DB link.
If there's no authentication, it's much easier for me to spoof this connection from the local database.
Just one password more?
Markus, February 16, 2018 - 12:03 pm UTC
So the only difference is that a hacker has to know two instead of one Password?
You said this applies only to SHARED database links. Would this risk not also apply to normal private database links?