Re: Security Problems of using Pro-C

From: Tommy Wareing <p0070621_at_oxford-brookes.ac.uk>
Date: 13 Jan 1994 04:16:03 -0600
Message-ID: <CJKCCo.7nq_at_uk.ac.brookes>


Brian Sachar (sachar_at_iserv.melpar.esys.com) wrote:
> alacy_at_hayes.com writes:
 

> >1. Hard code the name and password. This is not considered as valid
> > solution.
> >2. Pass the name and password as parameters to the Pro-C program. The
> > problem with this option is that anyone with access to the Unix
> > command "ps" can easily see the parameters.
> >3. Store the name and password as environment variables and have the
> > Pro-C program look there for them. The problem with this is there
> > is an option to "ps" which will show the environment.

> Method 3 is probably a safer bet than Method 2 because some versions
> of "ps" do not have the environment option.
But if you know that your version of ps does have this option?

> Another possibility is to use the "<<" operator to pass the password
> through standard input. For example,
> I'm not sure of any security problems with using standard input,
> but I'm sure there are some...

Option 5: use OPS$ accounts, and then the username and password are simply /, and everybody's happy!

--
 _________________________   __________________________________________
/  Tommy Wareing          \ /  I've been looking for an original sin,  \
|  p0070621_at_brookes.ac.uk  X   One with a twist and a bit of a spin    |
\  0865-483389            / \     -- Pandora's Box, Jim Steinman       /
 ~~~~~~~~~~~~~~~~~~~~~~~~~   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Received on Thu Jan 13 1994 - 11:16:03 CET
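
The standard-input approach quoted in the message above, as an added example that is not part of the original thread: a C helper that takes `user/password` from stdin (for instance from a "<<" here-document), so neither value appears in the argument list or the environment that "ps" can show. The names `read_credentials` and `wipe`, the one-line `user/password` format and the buffer sizes are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Overwrite a buffer through a volatile pointer so the compiler keeps the stores. */
static void wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* Hypothetical helper, not from the thread: read one "user/password" line from
 * `in` (normally stdin fed by a here-document), so neither value is in argv or
 * the environment. Returns 0 on success, -1 on malformed or oversized input. */
int read_credentials(FILE *in, char *user, size_t ulen, char *pass, size_t plen)
{
    char line[256];
    char *slash;
    size_t n;
    int rc = -1;

    if (fgets(line, sizeof line, in) == NULL)
        return -1;                          /* no input at all */
    n = strcspn(line, "\n");
    if (line[n] == '\n' || feof(in)) {      /* otherwise the line was truncated */
        line[n] = '\0';
        slash = strchr(line, '/');
        if (slash != NULL && slash != line && slash[1] != '\0') {
            *slash = '\0';
            if (strlen(line) < ulen && strlen(slash + 1) < plen) {
                strcpy(user, line);
                strcpy(pass, slash + 1);
                rc = 0;
            }
        }
    }
    wipe(line, sizeof line);                /* do not leave a copy on the stack */
    return rc;
}

int main(void)
{
    char user[31], pass[31];                /* sizes are assumptions */

    if (read_credentials(stdin, user, sizeof user, pass, sizeof pass) != 0) {
        fputs("expected user/password on standard input\n", stderr);
        return 1;
    }
    /* A Pro*C program would connect here:
     *   EXEC SQL CONNECT :user IDENTIFIED BY :pass;  */
    printf("read credentials for %s (password not echoed)\n", user);
    wipe(pass, sizeof pass);
    return 0;
}
```

If the here-document sits in a script file, the password is stored in that file, so the file's permissions decide who can read it.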
