Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.misc -> Re: Security problem with SQLPLUS.
Chinmoyee Deshpande <Chin.Deshpande_at_mci.com> writes:
>
> when I use SQLPLUS scott/Tiger @test.sql from a UNIX window to connect
> to the database my password and username is getting exposed if someone
> types ps -ef |grep sql. to check all processes. This is a big security
> flaw. How can I fix this problem.
> Thanks,
> -Chin Deshpande
>
>
Unfortunately, there is no way to stop ps from showing the username and
password. Many operating systems copy the argv array into a location
inaccessible to Oracle so that the username and password can't be erased.
What you can do is one of the following:
1. Use external authentication so that a username and password aren't needed; 2. Run the script interactively; 3. Embed the username/password in the script. -- Rick Rick Wessman Middleware Security Products Oracle Corporation rwessman_at_us.oracle.comReceived on Tue Mar 10 1998 - 00:00:00 CST