Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: sqlplus security
This will work, but it is very dangerous. Using this method, a user on a PC
can impersonate any database user. Use it with care.
Another, more secure, method would be to use one of the mechanisms supported by the Advanced Networking Option.
Rick Rick Wessman Distributed Data Security Oracle Corporation rwessman_at_us.oracle.com
"Bao Phan" <baophan_at_nmmcc.com> writes:
>
> You can consider using OS authentication method, OS user/password will be
> used when login in to oracle database. You can then run sqlplus by typing
> sqlplus /
>
> Bao Phan - DBA.
>
> Bobby Mander wrote in message <6m5tip$rgp_at_anchor.cis.att.com>...
> >Hi. Is there any way to prevent users from logging in
> >to the database using:
> >
> >$ sqlplus <user>/<password>
> >
> >This presents a security problem since anyone doing a ps
> >can pick these up.
> >
> >We would like people to login using:
> >$ sqlplus
> >Enter user-name: <user>
> >Enter password: <password>
> >
> >Alternatively can sqlplus disguise it's command line arguments so no one
> >can pick them up?
> >
> >--
> >---------------------------------------------------
> >Bobby Mander bum_at_hyperplane.com
> >Hyperplane, Inc. bmander_at_att.net
> > http://home.att.net/~bmander/
>
>
Received on Fri Jun 19 1998 - 07:44:36 CDT