Re: How do you feel about allowing non-DBA's on your database servers?

From: Jonathan Intner <jsidba_at_gmail.com>
Date: Wed, 29 Jul 2009 16:28:56 -0400
Message-ID: <a8fc8d940907291328l30015364oa3d5be30eeeb9196_at_mail.gmail.com>

Hi Michael:
Yes, and some flavors of Linux are smart enough to mask it, and there are other ways to clear the command line that I don't recall at the moment, but I could find them, if you're interested, but that doesn't stop folks from doing "sqlplus user/pwd_at_db", (or, exp user/pwd, or imp and so on...my personal favorite are "here" documents (see below)) 'cause its quick-and-easy!

There are lots of ways to avoid this...a few years ago, I wrote several pages of instructions describing 2 or 3 different ways to avoid the construct with tools like sqlplus, exp & imp and worked with DBAs in 3 or 4 countries to get their scripts changed...

Just my $.02,

Jonathan

Unix "here" document:

sqlplus user/pwd_at_db << EOF

select * from v\$instance; (or whatever SQL you need to run)

exit
EOF very quick, very easy, very familiar to most anyone on Unix servers and causes the pwd to be displayed on the command-line (again, typically).

On Tue, Jul 28, 2009 at 7:37 AM, <Michael.Coll-Barth_at_verizonwireless.com>wrote:

>
>
> > From: oracle-l-bounce_at_freelists.org
>
> > client on the network. Also, far more information is easily
> > accessible, sometimes too easily accessible (ps -ef|grep plu
> > anyone? :) from the database server.
>
> Doesn't this work only if the UserID & Password are used on the command
> line when firing up sqlplus; "sqlplus UserID/Password_at_DBinstance" ?
> Isn't that a foolish way to do things to begin with? Particularly in
> Prod?
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> The information contained in this message and any attachment may be
> proprietary, confidential, and privileged or subject to the work
> product doctrine and thus protected from disclosure. If the reader
> of this message is not the intended recipient, or an employee or
> agent responsible for delivering this message to the intended
> recipient, you are hereby notified that any dissemination,
> distribution or copying of this communication is strictly prohibited.
> If you have received this communication in error, please notify me
> immediately by replying to this message and deleting it and all
> copies and backups thereof. Thank you.
>
>
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>

--
http://www.freelists.org/webpage/oracle-l

Received on Wed Jul 29 2009 - 15:28:56 CDT

This message: [ Message body ]
Next message: SHEEHAN, JEREMY: "Decode function"
Previous message: Andrew Kerber: "Re: oracle 10g and db_keep_cache_size obsolete ?"
In reply to: Michael.Coll-Barth_at_VerizonWireless.com: "RE: How do you feel about allowing non-DBA's on your database servers?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message