Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Shell Scripts/PW Security

Re: Shell Scripts/PW Security

From: Mike Rife <rife_at_moffitt.usf.edu>
Date: 1996/11/27
Message-ID: <57hg61$q8a@news.usf.edu>#1/1 







That is true if the users have the MEM privilege.  MEM allows users to 
see the processes of other users.  To secure this hole, at a previous 
employer we created our Unix accounts without the MEM privilege.  All the 
users could see with the ps -ef command is there own processes!  This was 
on SCO Unix.  Other Unix versions may be different.





In article <329BC09A.7FA8_at_deere.com>, jh33378_at_deere.com says...


>

>John Hough wrote:

>> 

>> I have a series of database performance tuning scripts that we would

>> like to run from a particular machine against remote instances.  If

>> we were running these online we could issue the command:

>> 

>> sqlplus username/password_at_remote_sqlservice @sqlscript_to_run

>> 

>

>You should be aware of the security hole involved in using a password on 

>the command line -- the ps -ef command will reveal the password to any 

>user on your machine! 

>-- 

>John P. Higgins      Voice:    (309)765-4481

>Deere & Company      Fax:      (309)765-5168

>John Deere Road      Internet: jh33378_at_deere.com

>Moline, IL 61265     Opinions: My Own

Received on Wed Nov 27 1996 - 00:00:00 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US