Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: sqlplus security

Re: sqlplus security

From: <abalbekov_at_my-dejanews.com>
Date: Tue, 16 Jun 1998 17:56:39 GMT
Message-ID: <6m6bkn$t19$1@nnrp1.dejanews.com> 





In article <6m5tip$rgp_at_anchor.cis.att.com>,
  Bobby Mander <bum_at_wndev.att.com> wrote:


>


> Hi.  Is there any way to prevent users from logging in


> to the database using:


>


> $ sqlplus <user>/<password>


>


> This presents a security problem since anyone doing a ps


> can pick these up.


>


> We would like people to login using:


> $ sqlplus


> Enter user-name: <user>


> Enter password:  <password>


>


> Alternatively can sqlplus disguise it's command line arguments so no one


> can pick them up?


>


> --


> ---------------------------------------------------


> Bobby Mander          bum_at_hyperplane.com


> Hyperplane, Inc.      bmander_at_att.net


>                       http://home.att.net/~bmander/


>





Hi,



You can substitute actual sqlplus with UNIX script to check if
username/password is passed before invoking actual sqlplus. Something like
this:



#!/usr/bin/sh


if [ `echo $1 | grep / | wc -l` -eq 1 ]
then

        echo "Error: don't type password at command line.."
        exit




fi


if [ `echo $2 | grep / | wc -l` -eq 1 ]
then

        echo "Error: don't type password at command line.."
        exit




fi


sqlplus $*



Hope this helps


Albert Balbekov,


Senior consultant,


GRT Inc


http://www.grtcorp.com




-----== Posted via Deja News, The Leader in Internet Discussion ==-----
http://www.dejanews.com/   Now offering spam-free web-based newsreading
Received on Tue Jun 16 1998 - 12:56:39 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US