Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Security problem with SQLPLUS.

Re: Security problem with SQLPLUS.

From: <rwessman_at_us.oracle.com>
Date: 1998/03/10
Message-ID: <u90qiqio1.fsf@us.oracle.com>#1/1 







Chinmoyee Deshpande <Chin.Deshpande_at_mci.com> writes:



> 

> when I use SQLPLUS scott/Tiger @test.sql from a UNIX window to connect

> to the database my password and username is getting exposed if someone

> types ps -ef |grep sql. to check all processes. This is a big security

> flaw. How can I fix this problem.

> Thanks,

> -Chin Deshpande

> 

> 



Unfortunately, there is no way to stop ps from showing the username and
password. Many operating systems copy the argv array into a location
inaccessible to Oracle so that the username and password can't be erased.



What you can do is one of the following:

1. Use external authentication so that a username and password aren't needed;
2. Run the script interactively;
3. Embed the username/password in the script.


-- 
                                        Rick
                                        Rick Wessman
                                        Middleware Security Products
                                        Oracle Corporation
                                        rwessman_at_us.oracle.com


Received on Tue Mar 10 1998 - 00:00:00 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US