Re: ps shows user/password under Unix - SU
Date: Mon, 14 Feb 94 09:05:05 CST
Message-ID: <2jo3tr$ofc_at_news.iastate.edu>
In article <1994Feb10.125309.22422_at_ornl.gov>,
bzy_at_ornl.gov ( B C Zygmunt) writes:
>I agree with Lee Parsons whose reply to this question included:
>
> If you have oracle userid/passwords normally sitting unencrypted
> someplace then you have a problem designed into your system. By taking
> out ps your not removing the problem only covering it up. The only way
> to fix the problem is to change the design of the system/application.
>
>At our installation, front-end programs are going to be written for all Oracle
>tools (such as SQL*Plus) so that if a password is entered on the command line
>an error occurs. When this happens, the history file (which would reveal the
>password) will also be deleted.
>
>+ Beverly Cather Zygmunt + Phone: (615) 574-1007 +
>+ Oak Ridge National Laboratory + email: zygmuntbc_at_ornl.gov +
>+ Oak Ridge, TN 37831-6274 + +
We are running BSD unix on ULTRIX and so do not have the ps problem. However, the point of passwords in files raises a problem we have:
How does one generate reports from within SQL*Forms without having the password in a script file. We run reports from SQL*Plus scripts (which we generate from shell scripts with the query comimg from forms using the HOST exit). Since SQL*Forms cannot/(will not) pass any password info, the only recourse is to store the sql*plus logon info in a file (user can of course be passed through, but pw ????).
How do others deal with this?
Thanks.
Marvin Beck Iowa State University Received on Mon Feb 14 1994 - 16:05:05 CET