Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: sqlplus security

Re: sqlplus security

From: Adrian Shepherd <Adrian.Shepherd_at_BTINTERNET.COM>
Date: Tue, 16 Jun 1998 18:20:32 +0100
Message-ID: <6m6a93$mfb$1@mendelevium.btinternet.com> 





Rename the sqlplus exe and replace it with a script that exits if any
parameters have a / in them...



Batch jobs wont work unless you use the renamed version or use acl's and
allow only a batch user to use the renamed exe...



Let me know if this works...I have never tried it.




Bobby Mander wrote in message <6m5tip$rgp_at_anchor.cis.att.com>...


>Hi.  Is there any way to prevent users from logging in


>to the database using:


>


>$ sqlplus <user>/<password>


>


>This presents a security problem since anyone doing a ps


>can pick these up.


>


>We would like people to login using:


>$ sqlplus


>Enter user-name: <user>


>Enter password:  <password>


>


>Alternatively can sqlplus disguise it's command line arguments so no one


>can pick them up?


>


>--


>---------------------------------------------------


>Bobby Mander          bum_at_hyperplane.com


>Hyperplane, Inc.      bmander_at_att.net


>                      http://home.att.net/~bmander/




Received on Tue Jun 16 1998 - 12:20:32 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US