Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: sqlplus security
In article <6m5tip$rgp_at_anchor.cis.att.com>,
Bobby Mander <bum_at_wndev.att.com> wrote:
>
> Hi. Is there any way to prevent users from logging in
> to the database using:
>
> $ sqlplus <user>/<password>
>
> This presents a security problem since anyone doing a ps
> can pick these up.
>
> We would like people to login using:
> $ sqlplus
> Enter user-name: <user>
> Enter password: <password>
>
> Alternatively can sqlplus disguise it's command line arguments so no one
> can pick them up?
>
> --
> ---------------------------------------------------
> Bobby Mander bum_at_hyperplane.com
> Hyperplane, Inc. bmander_at_att.net
> http://home.att.net/~bmander/
>
Hi,
You can substitute actual sqlplus with UNIX script to check if username/password is passed before invoking actual sqlplus. Something like this:
#!/usr/bin/sh
if [ `echo $1 | grep / | wc -l` -eq 1 ]
then
echo "Error: don't type password at command line.." exit
echo "Error: don't type password at command line.." exit
Hope this helps
Albert Balbekov,
Senior consultant,
GRT Inc
http://www.grtcorp.com
-----== Posted via Deja News, The Leader in Internet Discussion ==----- http://www.dejanews.com/ Now offering spam-free web-based newsreading Received on Tue Jun 16 1998 - 12:56:39 CDT