Re: Keeping Passwords Secure
Date: Tue, 4 Oct 1994 15:45:25 GMT
Message-ID: <1994Oct4.154525.25655_at_rossinc.com>
In article <RWESSMAN.94Sep27080115_at_rwessman.us.oracle.com> rwessman_at_rwessman.us.oracle.com (Rick Wessman) writes:
>In article <779830068snz_at_syntaxis.demon.co.uk> Ian_at_syntaxis.demon.co.uk (Ian Dixon) writes:
>
>>In article <1994Sep16.135357.26557_at_emba.uvm.edu>
>> wvan_at_moose.uvm.edu "Warren Van-Wyck" writes:
>>
[snip]
>>
>>How about a third - change the behaviour of Unix
>>
>I have a fourth alternative. Use externally-authenticated (ops$) logins,
>so no password is visible at all.
>
From the unix faq:
You can't really be sure though, since it is quite legal for one program to exec() another with any value of argv[0] it desires. It is merely a convention that new programs are exec'd with the executable file name in argv[0]. For instance, purely a hypothetical example: #include <stdio.h> main() { execl("/usr/games/rogue", "vi Thesis", (char *)NULL); } The executed program thinks its name (its argv[0] value) is "vi Thesis". (Certain other programs might also think that the name of the program you're currently running is "vi Thesis", but of course this is just a hypothetical example, don't try it yourself :-)
Adapting this to sqlplus is left as an exercise for the student :) I haven't tried this on SYSV systems myself, so I don't know how the previous discussions in this thread apply. Try it and let us know if it doesn't work. Hypothetically, of course.
Security by obscurity - an ancient, honored and useless Oracle tradition.
-- Joel Garry joelga_at_amber.rossinc.com Compuserve 70661,1534 These are my opinions, not necessarily those of Ross Systems, Inc. %DCL-W-SOFTONEDGEDONTPUSH, Software On Edge - Don't Push. panic: ifree: freeing free inodes...Received on Tue Oct 04 1994 - 16:45:25 CET