Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: ps -ef | grep sqlplus

RE: ps -ef | grep sqlplus

From: Kevin Lange <kgel_at_ppoone.com>
Date: Tue, 19 Jun 2001 11:30:27 -0700
Message-ID: <F001.0032F16F.20010619113126@fatcity.com> 






Here is our method:



    
  
  1.   We save the passwords in a file using the OS level command CRYPT.
  
  2.   To run something we call a script file from Cron that first goes and gets
the encrypted password from config file.
  
  3.   Then we decrypt the password using CRYPT.
  
  4.   Then we start the sql process with the /nolog option.
  
  5.   Then we connect to the database using the connect
userid/password_at_database command.






This has a few advantages:


1. The passwords are not visible on the command line.
2. The passwords are not in every script file.  They are only kept in one
config file.


3. The config file only keeps encrypted passwords.





-----Original Message-----


Sent: Tuesday, June 19, 2001 1:38 PM


To: Multiple recipients of list ORACLE-L








hi,



do you know how to hide oracle passwords from ps -ef? we pass in our pw in
cron, and it shows up when you run ps -ef (to check unix processes). i
recognize that is this NOT a smart thing to do...



can anyone recommend a better way of supplying oracle passwords when
scripts are connecting to oracle? do you use config files that store
pws? just curious what everyone else is doing to plug this security hole.



thanks,


kris



-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.com


-- 



Author: Kris Austin


  INET: kaustin_at_advance.net


Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------


To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).


-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.com


-- 



Author: Kevin Lange


  INET: kgel_at_ppoone.com


Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------


To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Tue Jun 19 2001 - 13:30:27 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US