Re: Security Problems of using Pro-C

From: Doug Harris <ah513_at_FreeNet.Carleton.CA>
Date: Thu, 13 Jan 1994 00:20:38 GMT
Message-ID: <CJJKyE.Ey2_at_freenet.carleton.ca>

In a previous article alacy_at_hayes.com writes:

>>It appears that any of these options will allow people to see the passwords.
>>But when I use an Oracle tool option 2 seems to work. Ie if I use
>>
>> sqlplus name/password _at_program
>>
>>The name and password does not show when I do a "ps". This appears to work for
>>all the tools provided by Oracle. Does anyone know how to code a Pro-C program
>>so that it does the same thing? I think this would cover my security problem
>>of using Pro-C.

The tools are clobbering the userid and password from argv[]. Unfortunately this only works on a few operating systems (fewer and fewer as time goes by).

-- 
   - Doug Harris
     Database Administrator,
     System Development Division,
     Statistics Canada             ### Standard Disclaimer Applies ###

Received on Thu Jan 13 1994 - 01:20:38 CET

This message: [ Message body ]
Next message: C. Derek Fields: "Design question"
Previous message: Brian Sachar: "Re: Security Problems of using Pro-C"
Maybe in reply to: Brian Sachar: "Re: Security Problems of using Pro-C"
Next in thread: Gary B. Page: "Re: Design question"
Reply: Lee Parsons: "Seeing password with ps - UNIX (WAS: Security Problems of using Pro-C)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message