Keeping Passwords Secure

From: Sam Nelson <sam_at_cs.stir.ac.uk>
Date: 14 Sep 1994 14:54:41 GMT
Message-ID: <3572rh$6o1_at_lorne.stir.ac.uk>

I realise from the outset that my field of application is atypical, however:

As of next week, I'll have 60-odd students using Oracle in my Department for learning about databases. They'll all have assignments to do (almost all the same) and it is therefore pretty vital that they can't look at each others' work. However, SQL*Plus and other tools very much like to have users put passwords on command lines in plain view, and if they're on command lines, then, even if they haven't been seen from the screen, they can be seen from a Unix `ps' display. Now I know I can exercise `persuasion' to try to prevent students from entering a password in any other situation than in response to a prompt from SQL*Plus, but there's sufficient temptation to do this that it occurs to me to ask this group if anyone knows if there's anything concrete I can do about it. The notion of having an Oracle application read a password in previously-encrypted form from a file only readable by the user has occurred to me, but I'm not about to rewrite SQL*Plus in a week. I know I can use `identified externally' users, but that doesn't help in my multiple-HP9000/700 setup.

So, any ideas... Please?

-- 
SAm.                              -- (Insert bandwidth-wasting disclaimer here)

Received on Wed Sep 14 1994 - 16:54:41 CEST

This message: [ Message body ]
Next message: Ramesh: "Re: Keeping Passwords Secure"
Previous message: Michael Nolan: "Re: Keeping Passwords Secure"
Next in thread: Ramesh: "Re: Keeping Passwords Secure"
Reply: Ramesh: "Re: Keeping Passwords Secure"
Reply: jl34778_at_corp02.d51.lilly.com: "Re: Keeping Passwords Secure"
Maybe reply: Barry Roomberg: "Re: Keeping Passwords Secure"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message