What are the possible problems bound to a DB Link in a production environment?

StackOverflow https://stackoverflow.com/questions/11015153

14-06-2021

In the company I work for, the DB experts say a DB Link is really dangerous. I couldn't understand why. The entire network is protected; I believe it's not a security problem.

Is there any severe problem affecting DBLink?


Solution

Database links can lead to a certain loss of control over who can see your data. If I allow you to connect to my database, and you create a database link using those credentials, you can then grant access to that link - and thus my data - to other people without my knowledge or consent. Or you could expose it some other way, e.g. if you leave an application that uses the link open to SQL injection.

Of course I'd have created a new user account with the minimum privileges you needed, and quite likely read-only, to minimise the damage you or they could do. But even so, my data could leak out, and you - or someone using your link - could potentially see, extract, replicate or disseminate it.

Security isn't just about networks and physical security, it's about people too. I might originally have been satisfied that you needed access, say to a mix of data of different levels of sensitivity; and you might have thought it was OK to open the link up to someone who wanted a subset of that which you don't consider sensitive, without considering that they could actually see much more than they needed or should be allowed to. Even if they don't poke around and find the sensitive stuff, they might treat it as non-sensitive and, say, share a password which indirectly gives yet another person access to my data - and of course I have no idea this is happening. At some point someone may notice that they can see all this stuff, which could be a big problem for me and (since it's ultimately your account they're using to get to my DB) for you.

The more sensitive the data I'm holding, the more likely this would appear 'dangerous', I guess. You'd need to ask your DB expert to elaborate on their specific concerns.
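
An added example, not part of the question or answer above: Oracle SQL a data owner's DBA could run to find the re-sharing the answer describes (link credentials passed on through grants) and to create the minimal read-only account it recommends. It assumes the standard DBA_* dictionary views; the schema, view and user names (hr.employee_public_v, app_ro) are hypothetical.

```sql
-- Added example (not from the original answer). Run as a DBA on the
-- database that holds the link ("your" side) for steps 1-3, and on the
-- remote database ("my" side) for step 4. Names hr.employee_public_v and
-- app_ro are hypothetical placeholders.

-- 1. Inventory links. A non-NULL USERNAME means the link stores credentials,
--    so every session that can use it authenticates as that remote user.
--    OWNER = 'PUBLIC' means every user on this database can use the link.
SELECT owner, db_link, username, host, created
FROM   dba_db_links
ORDER  BY CASE owner WHEN 'PUBLIC' THEN 0 ELSE 1 END, owner, db_link;

-- 2. Local objects (views, PL/SQL, synonyms) that reach through a link.
--    These are the vehicles by which the link's access gets passed on.
SELECT d.owner, d.name, d.type, d.referenced_link_name AS db_link
FROM   dba_dependencies d
WHERE  d.referenced_link_name IS NOT NULL
UNION ALL
SELECT s.owner, s.synonym_name, 'SYNONYM', s.db_link
FROM   dba_synonyms s
WHERE  s.db_link IS NOT NULL;

-- 3. Who, other than the object owner, has been granted a link-backed object.
--    Each row is the "grant access to that link, and thus my data, to other
--    people" case from the answer; review every grantee (PUBLIC especially).
SELECT DISTINCT p.grantee, p.owner, p.table_name, p.privilege,
       d.referenced_link_name AS db_link
FROM   dba_tab_privs p
JOIN   dba_dependencies d
       ON d.owner = p.owner AND d.name = p.table_name
WHERE  d.referenced_link_name IS NOT NULL
  AND  p.grantee <> p.owner
ORDER  BY p.grantee, p.owner, p.table_name;

-- 4. Remote side: the least-privilege, read-only account the link should
--    authenticate as. Grant SELECT on a purpose-built view, not base tables,
--    so the link can never expose more than that view projects.
CREATE USER app_ro IDENTIFIED BY "<strong-password-placeholder>";
GRANT CREATE SESSION TO app_ro;
GRANT SELECT ON hr.employee_public_v TO app_ro;
-- Deliberately absent: SELECT ANY TABLE, CREATE DATABASE LINK, any role.
```

Step 3 joined against DBA_DEPENDENCIES covers views and PL/SQL; grants on synonyms from step 2 need a matching join on DBA_SYNONYMS if your site relies on them.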

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow