Re: sqlplus problem - more on security

From: Mungo Henning <mungoh_at_itacs.strath.ac.uk>
Date: Thu, 08 Jul 1999 14:19:01 +0100
Message-ID: <3784A544.FE0E3BC2_at_itacs.strath.ac.uk>


Hi Robert

rtproffitt_at_my-deja.com wrote:

> Regarding security, we accomplished a level of
> safety on a Unix box by having the script
> substitute published parameters:
> SQLPLUS $user/$pass ...etc...
> The user and password were in one sub-script which was tightly
> controlled. It would set environment variables for the
> life of the main script...so no one could see them
> unless they had access to the one tightly controlled
> script.

I'm confused. What's to stop anyone doing a "ps" command and discovering the username and password? By the start of the process the shell variables must be substituted, hence the real words are available for anyone to see?!

Elaboration requested.

Mungo

--
Mungo Henning - it's a daft name but it goes with the face...
mungoh_at_itacs.strath.ac.uk.http://www.itacs.strath.ac.uk/
(since everyone else does it) I speak for me, not my employer.
Received on Thu Jul 08 1999 - 15:19:01 CEST
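
Added example, not part of the original message: a shell check of the point raised above, comparing a credential that the shell expands onto the command line with one written to the child's standard input. `sqlplus_standin` is a hypothetical stand-in for sqlplus, and the user name and password are constructed sample values.

```shell
#!/bin/sh
# Constructed demo: "sqlplus_standin" is a hypothetical stand-in for sqlplus,
# and the credentials below are made-up sample values.
DB_USER=scott
DB_PASS=S3cretDemo

# Print the argument vector of a PID, as a process listing would show it.
argv_of() {
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\0' ' ' < "/proc/$1/cmdline"
    else
        ps -o args= -p "$1"
    fi
}

# Wait until the child has exec'd the stand-in, then print its argv.
snapshot() {
    tries=0
    line=
    while [ "$tries" -lt 20 ]; do
        line=$(argv_of "$1" 2>/dev/null) || line=
        case $line in *sqlplus_standin*) break ;; esac
        tries=$((tries + 1))
        sleep 1
    done
    printf '%s\n' "$line"
}

# Case 1: the shell expands $DB_USER/$DB_PASS before exec, so the literal
# values become part of the child's argument vector.
argv_case() {
    sh -c 'sleep 5; :' sqlplus_standin "$DB_USER/$DB_PASS" >/dev/null 2>&1 &
    snapshot $!
}

# Case 2: the credential is written to the child's stdin, never to argv.
stdin_case() {
    sh -c 'read cred; sleep 5; :' sqlplus_standin >/dev/null 2>&1 <<EOF &
$DB_USER/$DB_PASS
EOF
    snapshot $!
}

# Return 0 if the password appears in the given process-listing line.
leaks() { case $1 in *"$DB_PASS"*) return 0 ;; *) return 1 ;; esac; }

printf 'argv:  %s\n' "$(argv_case)"
printf 'stdin: %s\n' "$(stdin_case)"
```

The first printed line contains the expanded user/password pair; the second shows only the command name.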
