Re: Keeping Passwords Secure

From: Joel Garry <joelga_at_rossinc.com>
Date: Tue, 4 Oct 1994 15:45:25 GMT
Message-ID: <1994Oct4.154525.25655_at_rossinc.com>


In article <RWESSMAN.94Sep27080115_at_rwessman.us.oracle.com> rwessman_at_rwessman.us.oracle.com (Rick Wessman) writes:
>In article <779830068snz_at_syntaxis.demon.co.uk> Ian_at_syntaxis.demon.co.uk (Ian Dixon) writes:
>
>>In article <1994Sep16.135357.26557_at_emba.uvm.edu>
>> wvan_at_moose.uvm.edu "Warren Van-Wyck" writes:
>>

 [snip]
>>
>>How about a third - change the behaviour of Unix
>>
>I have a fourth alternative. Use externally-authenticated (ops$) logins,
>so no password is visible at all.
>

From the unix faq:

      You can't really be sure though, since it is quite legal for one
      program to exec() another with any value of argv[0] it desires.
      It is merely a convention that new programs are exec'd with the
      executable file name in argv[0].

      For instance, purely a hypothetical example:
	
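	#include <unistd.h>

	int main(void)
	{
	    /* the second argument becomes argv[0] of the new program */
	    execl("/usr/games/rogue", "vi Thesis", (char *)NULL);
	    return 1;   /* reached only if execl() fails */
	}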

      The executed program thinks its name (its argv[0] value) is
      "vi Thesis".   (Certain other programs might also think that
      the name of the program you're currently running is "vi Thesis",
      but of course this is just a hypothetical example, don't
      try it yourself :-)

Adapting this to sqlplus is left as an exercise for the student :) I haven't tried this on SYSV systems myself, so I don't know how the previous discussions in this thread apply. Try it and let us know if it doesn't work. Hypothetically, of course.

Security by obscurity - an ancient, honored and useless Oracle tradition.

-- 
Joel Garry           joelga_at_amber.rossinc.com            Compuserve 70661,1534
These are my opinions, not necessarily those of Ross Systems, Inc.
%DCL-W-SOFTONEDGEDONTPUSH, Software On Edge - Don't Push.  
panic: ifree: freeing free inodes...
Received on Tue Oct 04 1994 - 16:45:25 CET
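
The check an administrator can make against the argv[0] convention described in the FAQ excerpt above, as an added example (not code from the post or from the FAQ): compare the name a process claims with the binary the kernel actually loaded. It assumes the Linux /proc layout (/proc/<pid>/cmdline and /proc/<pid>/exe); the function names argv0_consistent and base are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L   /* for readlink() */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Last path component of p. */
static const char *base(const char *p)
{
    const char *s = strrchr(p, '/');
    return s ? s + 1 : p;
}

/* cmdline: raw bytes of /proc/<pid>/cmdline (NUL-separated argv), len long.
 * exe: readlink() target of /proc/<pid>/exe.
 * Returns 1 if argv[0] names the same file as exe, 0 if it does not,
 * -1 if there is nothing usable to compare (e.g. empty cmdline). */
int argv0_consistent(const char *cmdline, size_t len, const char *exe)
{
    char a0[256], ex[256];
    const char *nul = memchr(cmdline, '\0', len);
    size_t n = nul ? (size_t)(nul - cmdline) : len;
    size_t el = strlen(exe);

    if (n == 0 || n >= sizeof a0 || el == 0 || el >= sizeof ex)
        return -1;
    memcpy(a0, cmdline, n);
    a0[n] = '\0';
    memcpy(ex, exe, el + 1);
    /* The kernel appends " (deleted)" once the binary has been unlinked. */
    if (el > 10 && strcmp(ex + el - 10, " (deleted)") == 0)
        ex[el - 10] = '\0';
    /* By convention login shells get a leading '-' ("-sh"); not a spoof. */
    const char *claimed = (a0[0] == '-') ? a0 + 1 : a0;
    return strcmp(base(claimed), base(ex)) == 0;
}

int main(void)
{
    char cmd[4096], exe[256];
    FILE *f = fopen("/proc/self/cmdline", "rb");
    if (!f) return 1;
    size_t len = fread(cmd, 1, sizeof cmd, f);
    fclose(f);
    ssize_t r = readlink("/proc/self/exe", exe, sizeof exe - 1);
    if (r < 0) return 1;
    exe[r] = '\0';
    printf("argv[0] consistent with exe: %d\n", argv0_consistent(cmd, len, exe));
    return 0;
}
```

A mismatch is a signal rather than proof: multi-call binaries started through symlinks legitimately run under a name that differs from the file the kernel reports.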
