Re: Keeping Passwords Secure

From: Michael Nolan <nolan_at_helios.unl.edu>
Date: 14 Sep 1994 20:59:05 GMT
Message-ID: <357o6p$gn0_at_crcnis1.unl.edu>

rkrishna_at_us.oracle.com (Ramesh (cntr - rfisher) Krishnamurthy) writes:

:Try something like this
:setenv UID user1
:setenv PWD user1
:and in the scripts use sqlplus $UID/$PWD
:If all the users are using the same unix login userids , then write a small
:shell script in /etc/profile and prompt for UID and PWD and set the
:environment variables only for that session. This way even the command 'ps'
:will return only $UID/$PWD .

I just checked on SVR4, and ps -ef WILL return the substituted values of $UID and $PWD, so this doesn't hide the account/password sufficiently.

Is there a reason that they can't just type sqplus and then enter their username and password and run their sql scripts with the 'run' or _at_ command? (When I do this, the password is not echoed to the screen.)

---
Michael Nolan, Sysop for the DBMS RoundTable on GEnie
nolan_at_notes.tssi.com, dbms_at_genie.geis.com
(posted from nolan_at_helios.unl.edu)

Received on Wed Sep 14 1994 - 22:59:05 CEST

This message: [ Message body ]
Next message: Sam Nelson: "Keeping Passwords Secure"
Previous message: Doug Campbell: "Re: Ad Hoc Query Tools"
Maybe reply: Stephen Zander: "Re: Keeping Passwords Secure"
Maybe reply: Lee E Parsons: "Re: Keeping Passwords Secure"
Maybe reply: Denis Langlais: "Re: Keeping Passwords Secure"
Maybe reply: John A. Karnes: "Re: Keeping Passwords Secure"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message