Re: SqlMenu "runmenu": how to hide parameters?

>do this? Can I create a C program, link with an Oracle library and
>call "runmenu" directly from C? Is there a way to call "runmenu" from
>a shell script and hide the username/password parameter?

Consider the use of OPS$ accounts - this would replace the user/password with a '/'.

A 'C' program or PERL (?) script can scribble over it's input parameters, so this is possible, but they will still be visible for a brief time, so they could be spotted by a 'looping ps command'. I'm not sure this is possible within the Unix shells - try posting to the comp.unix.* hierachcy. I am not convinced this would help as at some point you will have to exec/system the runmenu command.

Are there not 'keyscript files' that can be run ?

Sqlforms30 allows use of the -e & -r flags that allow you to run up a form such that the user/password is stored in a keyscript file and the ps output will show 'sqlforms30 -r <file>'. I do not have access to runmenu on my database so cannot test, but would suspect that runmenu will operate in the same manner.

Remember to delete any keyscript files that you create, as they will contain the user/password information. Also ensure that the keyscript file can be read only by those you want it to be read by ( chown, chgrp and chmod Unix calls ).

A little known trick in Unix is that you can 'delete' a file that is held open for reading so that others cannot read it, as to all intents & purposes it no longer exists. This is often undocumented and some Sys Admins discourage it's use. This is detailed in the O'Reilley Unix Power Tools book.

Anyone else got any ideas ??

Good luck

IAP Received on Mon Jan 10 1994 - 11:35:29 CET