Seeing password with ps - UNIX (WAS: Security Problems of using Pro-C)
Date: Fri, 14 Jan 94 15:27:00 GMT
Message-ID: <1994Jan14.152700.15131_at_exlog.com>
ah513_at_FreeNet.Carleton.CA (Doug Harris) wrote:
>alacy_at_hayes.com wrote:
>
>>It appears that any of these options will allow people to see the passwords.
>>But when I use an Oracle tool option 2 seems to work. I.e., if I use
>>
>> sqlplus name/password _at_program
>>
>>The name and password do not show when I do a "ps". This appears to work for
>>all the tools provided by Oracle. Does anyone know how to code a Pro-C program
>>so that it does the same thing? I think this would cover my security problem
>>of using Pro-C.
>
> The tools are clobbering the userid and password from argv[]. Unfortunately
>this only works on a few operating systems (fewer and fewer as time goes
>by).
On all the systems I have been on since V6 the password user combination has been overwritten. They include DEC Ultrix, Intergraph CLIX, SunOS and Sequent Dynix.
What OS have you encountered that does not zap them? Drop me an e-mail and I'll summarize if anybody cares.
--
Regards,
Lee E. Parsons
Baker Hughes Inteq, Inc
Oracle Database Administrator
lparsons_at_exlog.com

Received on Fri Jan 14 1994 - 16:27:00 CET
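
The argv[] clobbering described in this thread, as an added C example that is not code from the posters or from Oracle's tools. The function name take_credentials, the user/password argument form and the 'x' fill byte are assumptions. The password is still visible between process start and the overwrite, and whether ps reflects the overwrite depends on the operating system, as the posters discuss.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper: split "user/password" out of a command-line
 * argument into caller-owned buffers, then overwrite the argument in
 * place so the original bytes no longer sit in the process's argv area.
 * The string length is never changed; only its contents are replaced.
 * Returns 0 on success, -1 if the argument is malformed or too long.
 */
int take_credentials(char *arg, char *user, size_t ulen,
                     char *pass, size_t plen)
{
    size_t total = strlen(arg);
    char *slash = strchr(arg, '/');
    int rc = -1;

    if (slash != NULL) {
        size_t u = (size_t)(slash - arg);   /* length of user part */
        size_t p = total - u - 1;           /* length of password part */
        if (u > 0 && u < ulen && p > 0 && p < plen) {
            memcpy(user, arg, u);
            user[u] = '\0';
            memcpy(pass, slash + 1, p);
            pass[p] = '\0';
            rc = 0;
        }
    }
    /* Scrub even when parsing failed: the argument may still hold a secret. */
    memset(arg, 'x', total);
    return rc;
}

int main(int argc, char **argv)
{
    char user[64], pass[64];

    /* Scrub before doing anything else to keep the exposure window short. */
    if (argc < 2 ||
        take_credentials(argv[1], user, sizeof user, pass, sizeof pass) != 0) {
        fprintf(stderr, "usage: %s user/password\n", argv[0]);
        return 1;
    }
    /* Hand user and pass to the database connect call here. */
    printf("connecting as %s\n", user);
    return 0;
}
```

Reading the credentials from a prompt, a protected file or the environment avoids placing them on the command line at all, which removes the dependence on how a given ps obtains its argument list.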