IT Baseline Protection Manual S 4.71 Restrictive utilisation of database links

S 4.71 Restrictive utilisation of database links

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

Database links allow one database to access the information held in another. To ensure adequate protection of that information, however, database links should only be used when absolutely necessary.

To control the access of users who employ database links, a suitable concept for defining user IDs is necessary. In principle, a user is able to access a remote database if that database recognises the ID with which the user logs into the local database. Additional security is provided by the option of establishing links with an explicitly specified user ID and password.

In principle, every database user is entitled to establish database links (provided that the user is able to execute the related CREATE command). In general, however, only the administrator should be authorised to establish such links. This applies especially to database links which can be employed by all users (PUBLIC DB-Links). The right to establish database links should explicitly not be granted to standard user IDs.

Furthermore, the number of database links which a user can employ simultaneously must be restricted in order to control the load on the database servers. Otherwise an intruder could exploit this situation to obstruct, or even completely paralyse, the operation of the database servers.

Documentation of the database links configured by the administrator is indispensable. In addition to the type of each link (established via a special user ID, or via the local database ID, provided that this ID has also been configured for the connected database), the documentation should also list the user groups authorised to make use of each database link. As already mentioned, database links defined as PUBLIC can be used by all database IDs.
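The checks described above can be run as dictionary queries. This is an added example, not part of the manual; it assumes an Oracle database (the manual names no product), a session that can read the DBA_* views and V$PARAMETER, and a placeholder user ID app_user.

```sql
-- Added example; assumes Oracle Database. Run as an administrator.

-- 1. Inventory for the link documentation.
--    OWNER = 'PUBLIC' marks links usable by every database ID.
--    USERNAME is NULL when the link connects with the local user's own ID
--    (which must then also exist in the connected database); otherwise the
--    link was created with an explicitly specified user ID.
SELECT owner,
       db_link,
       host,
       CASE
         WHEN username IS NULL THEN 'local ID reused remotely'
         ELSE 'explicit ID: ' || username
       END AS link_type,
       created
FROM   dba_db_links
ORDER  BY owner, db_link;

-- 2. Who holds the right to create links (users and roles, direct grants).
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege IN ('CREATE DATABASE LINK', 'CREATE PUBLIC DATABASE LINK')
ORDER  BY privilege, grantee;

-- 3. Who inherits that right through a directly granted role.
--    Roles nested inside other roles need a second pass over the result.
SELECT rp.grantee, rp.granted_role, sp.privilege
FROM   dba_role_privs rp
JOIN   dba_sys_privs  sp ON sp.grantee = rp.granted_role
WHERE  sp.privilege IN ('CREATE DATABASE LINK', 'CREATE PUBLIC DATABASE LINK')
ORDER  BY rp.grantee;

-- 4. Remove the right from a standard user ID.
--    app_user is a placeholder; this works only for a direct grant.
REVOKE CREATE DATABASE LINK FROM app_user;

-- 5. Current limit on concurrently open remote connections per session.
SELECT name, value
FROM   v$parameter
WHERE  name = 'open_links';

-- open_links is a static parameter: the new value applies after a restart.
-- The value 4 is an example, not a recommendation from the manual.
ALTER SYSTEM SET open_links = 4 SCOPE = SPFILE;
```

Any row from query 2 or 3 whose grantee is not an administrative ID, and any PUBLIC row from query 1 that is missing from the documentation, is a deviation from this safeguard.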

Additional controls:


© Copyright by
Bundesamt für Sicherheit in der Informationstechnik
July 1999