Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: sqlplus problem - more on security

Re: sqlplus problem - more on security

From: Mungo Henning <mungoh_at_itacs.strath.ac.uk>
Date: Thu, 08 Jul 1999 14:19:01 +0100
Message-ID: <3784A544.FE0E3BC2@itacs.strath.ac.uk> 





Hi Robert



rtproffitt_at_my-deja.com wrote:



> Regarding security, we accomplished a level of


> safety on a Unix box by having the script


> substitute published parameters:


>    SQLPLUS $user/$pass ...etc...


> The user and password were in one sub-script which was tighly


> controlled.  It would set environment variables for the


> life of the main script...so no one could see them


> unless they had access to the one tightly controlled


> script.





I'm confused. What's to stop anyone doing a "ps" command
and discovering the username and password? By the start
of the process the shell variables must be substituted, hence
the real words are available for anyone to see?!



Elaboration requested.



Mungo


--


Mungo Henning - it's a daft name but it goes with the face...
mungoh@itacs.strath.ac.uk.http://www.itacs.strath.ac.uk/

(since everyone else does it) I speak for me, not my employer.


Received on Thu Jul 08 1999 - 08:19:01 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US