Re: Keeping Passwords Secure
Date: 14 Sep 1994 18:50:18 GMT
Message-ID: <357gla$hn1_at_dcsun4.us.oracle.com>
In article <3572rh$6o1_at_lorne.stir.ac.uk> sam_at_cs.stir.ac.uk writes:
>I realise from the outset that my field of application is atypical, however:
>
>As of next week, I'll have 60-odd students using Oracle in my Department for
>learning about databases. They'll all have assignments to do (almost all the
>same) and it is therefore pretty vital that they can't look at each other's
>work. However, SQL*Plus and other tools very much like to have users put
>passwords on command lines in plain view, and if they're on command lines,
>then, even if they haven't been seen from the screen, they can be seen from
>a Unix `ps' display. Now I know I can exercise `persuasion' to try to prevent
>students from entering a password in any other situation than in response to
>a prompt from SQL*Plus, but there's sufficient temptation to do this that it
>occurs to me to ask this group if anyone knows if there's anything concrete
>I can do about it. The notion of having an Oracle application read a password
>in previously-encrypted form from a file only readable by the user has occurred
>to me, but I'm not about to rewrite SQL*Plus in a week. I know I can use
>`identified externally' users, but that doesn't help in my multiple-HP9000/700
>setup.
>
>So, any ideas... Please?
>
>--
>SAm. -- (Insert bandwidth-wasting disclaimer here)
Try setting up environment variables in each user's Unix login account
(I am assuming that each user has a different Unix login id), i.e. in
.profile or .cshrc.
Try something like this:

    setenv UID user1
    setenv PWD user1

and in the scripts use

    sqlplus $UID/$PWD

If all the users are using the same Unix login userid, then write a small
shell script in /etc/profile and prompt for UID and PWD and set the
environment variables only for that session. This way even the command 'ps'
will return only $UID/$PWD.
-- Ramesh Krishnamurthy
Received on Wed Sep 14 1994 - 20:50:18 CEST
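
Added example (not part of the original posts): a shell check of what a process's argument list contains when a credential held in environment variables is written on the command line, compared with the same credential read from standard input as at a prompt. The variable names DB_USER and DB_PASS, the password value, and the sh stand-in for the SQL*Plus client are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed credentials; DB_USER and DB_PASS are hypothetical variable names.
DB_USER=user1
DB_PASS=constructed-pw
export DB_USER DB_PASS

# Print the argument vector of a PID as a process listing exposes it.
visible_args() {
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\0' ' ' < "/proc/$1/cmdline"
    else
        ps -o args= -p "$1"
    fi
}

# Start a stand-in client (sh, not sqlplus) that receives the credential
# either as an argument ("arg") or on standard input ("stdin"), then report
# whether the secret shows up in its argument vector.
# Returns 0 if the secret is visible, 1 if it is not.
secret_visible() {
    mode=$1 secret=$2
    if [ "$mode" = arg ]; then
        # The shell expands the variables before exec, so the child's
        # argv holds the literal values, not the text "$DB_USER/$DB_PASS".
        sh -c 'sleep 3; :' stand-in-client "$DB_USER/$secret" &
    else
        # Same credential, delivered the way a password prompt reads it.
        printf '%s\n' "$DB_USER/$secret" | sh -c 'read cred; sleep 3; :' stand-in-client &
    fi
    pid=$!
    sleep 1                       # give the child time to exec
    seen=$(visible_args "$pid")
    kill "$pid" 2>/dev/null || :
    wait "$pid" 2>/dev/null || :
    case $seen in
        *"$secret"*) return 0 ;;
        *) return 1 ;;
    esac
}

for mode in arg stdin; do
    if secret_visible "$mode" "$DB_PASS"; then
        echo "$mode: password visible in process listing"
    else
        echo "$mode: password not visible in process listing"
    fi
done
```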