Keeping Passwords Secure
Date: 14 Sep 1994 14:54:41 GMT
Message-ID: <3572rh$6o1_at_lorne.stir.ac.uk>
I realise from the outset that my field of application is atypical, however:
As of next week, I'll have 60-odd students using Oracle in my Department for
learning about databases. They'll all have assignments to do (almost all the
same) and it is therefore pretty vital that they can't look at each other's
work. However, SQL*Plus and other tools very much like to have users put
passwords on command lines in plain view, and if they're on command lines,
then, even if they haven't been seen from the screen, they can be seen from
a Unix `ps' display. Now I know I can exercise `persuasion' to try to prevent
students from entering a password in any other situation than in response to
a prompt from SQL*Plus, but there's sufficient temptation to do this that it
occurs to me to ask this group if anyone knows if there's anything concrete
I can do about it. The notion of having an Oracle application read a password
in previously-encrypted form from a file only readable by the user has occurred
to me, but I'm not about to rewrite SQL*Plus in a week. I know I can use
`identified externally' users, but that doesn't help in my multiple-HP9000/700
setup.
So, any ideas... Please?
--
SAm. -- (Insert bandwidth-wasting disclaimer here)
Received on Wed Sep 14 1994 - 16:54:41 CEST
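
An added example, not part of the original post: an audit filter for the exposure described above, which reads a process listing and reports which SQL*Plus processes were started with a `user/password` logon argument, without echoing the password. It assumes listings in the `ps -eo user,pid,args` layout and checks only the `user/password[@db]` argument shape; the sample listing, account names and paths are constructed.

```shell
#!/bin/sh
# Flag sqlplus processes whose argv exposes a password to other local users.
# Input : lines shaped like `ps -eo user,pid,args` output (assumed layout).
# Output: "os_user pid oracle_user" per finding; the password is never printed.

find_exposed_logins() {
    awk '
    # Only consider processes whose command is sqlplus (bare name or full path).
    $3 !~ "(^|/)sqlplus$" { next }
    {
        for (i = 4; i <= NF; i++) {
            # Logon argument: non-empty user, "/", non-empty password, optional @db.
            # Options (-s), script arguments (@file), /nolog and a bare user
            # name (SQL*Plus then prompts for the password) do not match.
            if ($i ~ "^[^/@-][^/@]*/[^@]+(@.*)?$") {
                split($i, parts, "/")
                print $1, $2, parts[1]
                break
            }
        }
    }'
}

# Constructed sample listing (not captured from a real system).
sample_ps() {
    cat <<'EOF'
USER     PID COMMAND
alice   4312 sqlplus -s scott/tiger@orcl
bob     4313 sqlplus /nolog
carol   4314 /opt/oracle/bin/sqlplus carol
dave    4315 sqlplus dave/s3cret @report.sql
erin    4316 vi notes.txt
EOF
}

# On a live host: ps -eo user,pid,args | find_exposed_logins
sample_ps | find_exposed_logins
```

Run from cron or a login script, a non-empty result identifies the accounts whose passwords should be changed and whose owners need reminding to answer the SQL*Plus prompt instead.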