Re: Keeping Passwords Secure

From: Lee E Parsons <lparsons_at_world.std.com>
Date: Thu, 15 Sep 1994 15:16:39 GMT
Message-ID: <Cw6Frs.1FA_at_world.std.com>


Sam Nelson <sam_at_cs.stir.ac.uk> wrote:
>I had some useful suggestions by email from David Rolfe (of Sun, apparently?)
>involving adding some whitespace to the front of `username/password' strings
>until they disappear off the end of the command line quoted by `ps'. This
>strategy looks promising. It still doesn't get me past the `looking over the
>shoulder' problem though, and I find it difficult to believe that this hasn't
>been a significant problem elsewhere, let alone remained completely unaddressed
>by Oracle all these years.

To be fair to Oracle, they have thought about it. They have just chosen not to do anything. :-}

Seriously, what can they do about the over-the-shoulder problem? If they take out the ability to put the username/password on the command line they will break about every existing application.

You have only 2 good options as I see them. 1) change the behavior of ps or 2) change the behavior of sqlplus.

#2 seems the best course for you since you have already planned to add a frontend to sqlplus to add the whitespaces. If you really care about plain text passwords on the command line go one step further and have your frontend refuse to pass argv on to sqlplus at all.

That would solve both of your problems and make the programming easier.

-- 
Regards, 

Lee E. Parsons                  		
Systems Oracle DBA	 			lparsons_at_world.std.com
Received on Thu Sep 15 1994 - 17:16:39 CEST
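
Added example, not part of the original post and not Oracle's code: a front end of the kind suggested in the reply above, which refuses every command-line argument and hands the login to sqlplus on standard input instead, so `ps` has nothing to show. It assumes `sqlplus` is on PATH; the wrapper's function names are made up for this sketch.

```python
#!/usr/bin/env python3
"""Front end for sqlplus: nothing from argv reaches sqlplus, so ps shows no password."""
import getpass
import re
import subprocess
import sys

SQLPLUS = "sqlplus"  # assumption: the real binary is on PATH under this name

# user/password with optional @connect_identifier; "/" and "/nolog" hold no secret.
# A relative path such as dir/file also matches; refusing it errs on the safe side.
CRED_RE = re.compile(r"^[^/@\s-][^/@\s]*/[^@\s]+(@\S+)?$")


def find_credential_args(argv):
    """Arguments shaped like user/password[@db], even when padded with spaces."""
    return [a for a in argv if CRED_RE.match(a.strip())]


def connect_script(user, password):
    """The line fed to sqlplus on stdin in place of a command-line login."""
    if any(c in user + password for c in "\r\n"):
        raise ValueError("line break in credentials would inject extra commands")
    return f"connect {user}/{password}\n"


def main(argv):
    if argv:
        # Never echo the offending argument: it may be the password itself.
        why = "credentials" if find_credential_args(argv) else "arguments"
        sys.stderr.write(f"refusing: {why} on the command line show up in ps\n")
        return 2
    user = input("Username: ")
    password = getpass.getpass("Password: ")  # typed without echo
    # Fixed argument list: /nolog starts sqlplus without a login attempt.
    proc = subprocess.Popen([SQLPLUS, "/nolog"], stdin=subprocess.PIPE, text=True)
    try:
        with proc.stdin as pipe:
            pipe.write(connect_script(user, password))
            for line in sys.stdin:  # relay SQL, including @script.sql lines
                pipe.write(line)
                pipe.flush()
    except BrokenPipeError:
        pass  # sqlplus exited before reading everything
    return proc.wait()


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Scripts are run by typing or piping `@script.sql` on standard input rather than naming them on the command line.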
