Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: sqlplus security
Well to make people enter username and password u can do one thing that
rename the sqlplus program to some other name and then make shell script that
call sqlplus this way even if users supply parameter to it their will be no
effect of it.
Second simply restrict access to ps command. Why other people need that in the first place.
Or u as administrator use ps and if found anyone using sqlplus username/password, go and change the password of the user this will teach them the lesson not to use in this way.
Now it is up to u what ever way u want to control this :)
In article <uvhpxsgqz.fsf_at_us.oracle.com>,
rwessman_at_us.oracle.com wrote:
>
> This will work, but it is very dangerous. Using this method, a user on a PC
> can impersonate any database user. Use it with care.
>
> Another, more secure, method would be to use one of the mechanisms supported
> by the Advanced Networking Option.
>
> Rick
> Rick Wessman
> Distributed Data Security
> Oracle Corporation
> rwessman_at_us.oracle.com
>
> "Bao Phan" <baophan_at_nmmcc.com> writes:
>
> >
> > You can consider using OS authentication method, OS user/password will be
> > used when login in to oracle database. You can then run sqlplus by typing
> > sqlplus /
> >
> > Bao Phan - DBA.
> >
> > Bobby Mander wrote in message <6m5tip$rgp_at_anchor.cis.att.com>...
> > >Hi. Is there any way to prevent users from logging in
> > >to the database using:
> > >
> > >$ sqlplus <user>/<password>
> > >
> > >This presents a security problem since anyone doing a ps
> > >can pick these up.
> > >
> > >We would like people to login using:
> > >$ sqlplus
> > >Enter user-name: <user>
> > >Enter password: <password>
> > >
> > >Alternatively can sqlplus disguise it's command line arguments so no one
> > >can pick them up?
> > >
> > >--
> > >---------------------------------------------------
> > >Bobby Mander bum_at_hyperplane.com
> > >Hyperplane, Inc. bmander_at_att.net
> > > http://home.att.net/~bmander/
> >
> >
>
-----== Posted via Deja News, The Leader in Internet Discussion ==----- http://www.dejanews.com/ Now offering spam-free web-based newsreading Received on Sun Jun 21 1998 - 10:06:32 CDT