Seeing password with ps - UNIX (WAS: Security Problems of using Pro-C)

From: Lee Parsons <lparsons_at_exlog.com>
Date: Fri, 14 Jan 94 15:27:00 GMT
Message-ID: <1994Jan14.152700.15131_at_exlog.com>

ah513_at_FreeNet.Carleton.CA (Doug Harris) wrote:
>alacy_at_hayes.com wrote:
>
>>It appears that any of these options will allow people to see the passwords.
>>But when I use an Oracle tool option 2 seems to work. Ie if I use
>>
>> sqlplus name/password _at_program
>>
>>The name and password does not show when I do a "ps". This appears to work for
>>all the tools provided by Oracle. Does anyone know how to code a Pro-C program
>>so that it does the same thing? I think this would cover my security problem
>>of using Pro-C.
>
> The tools are clobbering the userid and password from argv[]. Unfortunately
>this only works on a few operating systems (fewer and fewer as time goes
>by).

On all the systems I have been on since V6 the password user combination has been over written. They include Dec Ultrix, Intergraph CLIX, SunOS and Sequent Dynix.

What OS have you encountered that does not zap them? Drop me an e-mail and I'll summarize if anybody cares.

-- 
Regards, 

Lee E. Parsons                  		Baker Hughes Inteq, Inc
Oracle Database Administrator 			lparsons_at_exlog.com

Received on Fri Jan 14 1994 - 16:27:00 CET

This message: [ Message body ]
Next message: Cory Sandahl: "Oracle 6.0 to MS-ACCESS problems"
Previous message: ivo.drvaric_at_ext.uni-mb.si: "Help Oracle on Unix ( SQL*FORMS )"
In reply to Doug Harris: "Re: Security Problems of using Pro-C"
Next in thread: Chris Jack: "Re: Oracle 7.0: Case insensitive string comparisons?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message