Re: SqlMenu "runmenu": how to hide parameters?

From: Lee Parsons <lparsons_at_exlog.com>
Date: Tue, 11 Jan 94 19:49:03 GMT
Message-ID: <1994Jan11.194903.10639_at_exlog.com>

p0070621_at_oxford-brookes.ac.uk (Tommy Wareing) wrote:
>David Robert Dymm (dymmd_at_source.asset.com) wrote:
>...
>> runmenu50 my_application $(menu_user) -m fullscreen -c $TERM:$TERM
...
>> The problem with this approach is that
>> executing the command "ps -aef" on our system will produce a listing
>> that shows the command "runmenu50" with all of its parameters. I
>> would like to keep the username/password hidden from users. How can I
>> do this?

>> I am using two RS-6000s running: AIX 3.2.4 with Oracle 6.0.43.2.1; and
>> AIX 3.2.5 with Oracle 7.0.15.4.0. Whatever solution I come up with
>> must work on both platforms.
>
>As far as I know, there is no sane way of solving this. The ps command has
>variants on other platforms. We briefly experimented with writing a wrapper
>for ps to remove various 'dodgy' words from the output, but gave up because
>I didn't really know what I was doing :) It might work if implemented
>properly, since I think you need root access to get at the memory of other
>processes, so there are only a countable number of ways of doing this.

Now wait a minute. Everything Tommy had to say was 100% dead on, But I wonder if we aren't solving the wrong problem here. When I invoke 'runmenu50 test foo/foo' under SunOS 4.1.2 ORACLE 6.0.35 I get the following from the process list:

oracle 1461 1.7 0.7 276 820 pc S 12:57 0:00 runmenu50 TEST

Additionaly, when I execute 'runform30 -c vt100:vt100 test foo/foo' on a database as old as 6.0.33 I get:

oracle 14618 14617 0 13:13:38 ttyqi 0:01 runform30 -c vt100 vt100 test

I assume that runform and runmenu are assigning the user/passwd to variables and forking a new process that doesn't have the passwd information on the command line.

Why are you having a problem with the password showing up on the command line and I am not?

Are you concerned about the brief period of time that the process takes to do the connect before the fork can happen? If so then ignore my comments and take Tommy's advise. If not then something else is going on here.

-- 
Regards, 

Lee E. Parsons                  		Baker Hughes Inteq, Inc
Oracle Database Administrator 			lparsons_at_exlog.com

Received on Tue Jan 11 1994 - 20:49:03 CET

This message: [ Message body ]
Next message: respec_at_unm.edu: "Re: Oracle online?"
Previous message: Joe Minnich: "Re: Dynamic variables within unix script file..."
Maybe in reply to: David Robert Dymm: "SqlMenu "runmenu": how to hide parameters?"
In reply to David Robert Dymm: "SqlMenu "runmenu": how to hide parameters?"
Next in thread: respec_at_unm.edu: "Re: Oracle online?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message