Re: Keeping Passwords Secure

In article <3572rh$6o1_at_lorne.stir.ac.uk> sam_at_cs.stir.ac.uk writes:
>I realise from the outset that my field of application is atypical, however:
>
>As of next week, I'll have 60-odd students using Oracle in my Department for
>learning about databases. They'll all have assignments to do (almost all the
>same) and it is therefore pretty vital that they can't look at each others'
>work. However, SQL*Plus and other tools very much like to have users put
>passwords on command lines in plain view, and if they're on command lines,
>then, even if they haven't been seen from the screen, they can be seen from
>a Unix `ps' display. Now I know I can exercise `persuasion' to try to prevent
>students from entering a password in any other situation than in response to
>a prompt from SQL*Plus, but there's sufficient temptation to do this that it
>occurs to me to ask this group if anyone knows if there's anything concrete
>I can do about it. The notion of having an Oracle application read a password
>in previously-encrypted form from a file only readable by the user has occurred
>to me, but I'm not about to rewrite SQL*Plus in a week. I know I can use
>`identified externally' users, but that doesn't help in my multiple-HP9000/700
>setup.
>
>So, any ideas... Please?
>
>--
>SAm. -- (Insert bandwidth-wasting disclaimer here)

 Try setting up environment variables in each user's unix login accounts (I am assuming that each user has a different unix login id) i.e .profile or .cshrc .
Try something like this
setenv UID user1
setenv PWD user1
and in the scripts use sqlplus $UID/$PWD If all the users are using the same unix login userids , then write a small shell script in /etc/profile and prompt for UID and PWD and set the environment variables only for that session. This way even the command 'ps' will return only $UID/$PWD .

-- 
Ramesh Krishnamurthy