Home » Infrastructure » Unix » oracle username password visible (oracle 10g,hp unix)
oracle username password visible [message #329564] Wed, 25 June 2008 20:19 Go to next message
swas_fly
Messages: 220
Registered: March 2008
Location: Bhubaneswar
Senior Member
Hi All

THis is a critical situation i am facing and unable to figure out how to solve it.

When we run any .sql file
something like this!!!!!


sqlplus $generalogin @a.sql


say the job is running and someone fires the command


ps -eaf | grep a.sql


here he can see
sqlplus user/password a.sql


somehow i need to implement nolog

NOLOG connection in SQL loader

how to do this???

please help?

Report message to a moderator

Re: oracle username password visible [message #329566 is a reply to message #329564] Wed, 25 June 2008 21:00 Go to previous messageGo to next message
BlackSwan
Messages: 26766
Registered: January 2009
Location: SoCal
Senior Member
Users should NOT have accounts on the database server system!

[Updated on: Wed, 25 June 2008 21:00] by Moderator

Report message to a moderator

Re: oracle username password visible [message #329576 is a reply to message #329566] Wed, 25 June 2008 22:42 Go to previous messageGo to next message
swas_fly
Messages: 220
Registered: March 2008
Location: Bhubaneswar
Senior Member
sorry but i am not clear?

secondly as the unix box id is generic so any other user loging in and firing the ps command at the same time when the job is run can see the details.

i am trying my best to make things clear,please clarify

Report message to a moderator

Re: oracle username password visible [message #329577 is a reply to message #329564] Wed, 25 June 2008 22:54 Go to previous messageGo to next message
BlackSwan
Messages: 26766
Registered: January 2009
Location: SoCal
Senior Member
On some/many/most production systems, only the DBA & *nix SA have operating system account/login.

Why do regular users have ability to log onto the DB server?

Report message to a moderator

Re: oracle username password visible [message #329581 is a reply to message #329564] Wed, 25 June 2008 23:16 Go to previous message
Michel Cadot
Messages: 68718
Registered: March 2007
Location: Saint-Maur, France, https...
Senior Member
Account Moderator
I agree with Ana, end users should not have account on server, however some batch accounts may have.

In this case,
- these accounts must not be allowed to connect to the server only cron (or the like) scripts can be launched
- they should have an OS authenticated database account and connect with "connect /" (another way is to use Oracle Secure Password Store).

Regards
Michel

Report message to a moderator

Previous Topic: Calling Pl/sql Stored Procedure from Unix shell script
Next Topic: Solaris
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Mon Dec 02 18:22:36 CST 2024
.:: Forum Home :: Blogger Home :: Wiki Home :: Contact :: Privacy ::.