Re: Keeping Passwords Secure

From: Drives Project - RTA NSW - Australia <drives_at_rta.oz.au>
Date: Wed, 5 Oct 94 07:56:22 GMT
Message-ID: <1994Oct5.075622.4925_at_rta.oz.au>


In article <RWESSMAN.94Sep27080115_at_rwessman.us.oracle.com> rwessman_at_rwessman.us.oracle.com (Rick Wessman) writes:
>In article <779830068snz_at_syntaxis.demon.co.uk> Ian_at_syntaxis.demon.co.uk (Ian Dixon) writes:
>>In article <1994Sep16.135357.26557_at_emba.uvm.edu>
>> wvan_at_moose.uvm.edu "Warren Van-Wyck" writes:
>>[stuff deleted]
>>> I asked a similar question a few months ago but never got an answer.
>>> It appears that the program that is running can alter what appears in
>>> the 'ps -f' display for commands. In fact for 'runform' (aka 'iad')
>>> if a UserId/Password is entered on the command line, it does NOT show
>>> in a 'ps' display (at least for AIX 3.2.5 and SQL*Forms 3.0).
>>

[ Many explanations and Oracle gripes deleted ]

>As Ian notes, this problem is inherent in some Unices. As Oracle is an
>application that runs on top of the operating system, there is no way
>for it to change the behavior of the O/S.
 

>>> : You have only 2 good options as I see them. 1) change the behavior
>>> : of ps or 2) change the behavior of sqlplus.
>>>
>>> Oracle should change the behavior of sqlplus.
>>
>>How about a third - change the behaviour of Unix
>>
>I have a fourth alternative. Use externally-authenticated (ops$) logins,
>so no password is visible at all.
>
> Rick

Option 5....

Why can the Oracle tools not take the username and/or password from an environment variable? - The only system I know where this would be visible to ps is Apollo Domain, which isn't even a real Unix.

(I know you would still have to be careful with shell history etc., but it would be a big improvement for captive logins etc.)

Any Suggestions/Reasons why this cannot be done?

Cris Bailiff
crisb_at_drives.rta.oz.au
drives_at_rta.oz.au,

-- 



DRIVES PROJECT
Received on Wed Oct 05 1994 - 08:56:22 CET
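
The difference the thread is arguing about (a credential passed as a command-line argument versus in an environment variable) can be checked on a current Linux system. The following is an added example, not part of the original post or of any Oracle tool; the variable name `DEMO_DB_LOGIN`, the sample credential and the sleeping stand-in process are all constructed for illustration.

```python
import os
import subprocess
import sys

SECRET = "demo_user/demo_pass"          # constructed sample credential
ENV_NAME = "DEMO_DB_LOGIN"              # hypothetical name, not an Oracle setting
CHILD = "import time; time.sleep(30)"   # stand-in for a long-running client tool


def _others_can_read(path):
    """True if the file's mode grants read access to 'other' users."""
    return bool(os.stat(path).st_mode & 0o004)


def inspect_child(secret_in_argv):
    """Start the stand-in tool and report what other local users could see.

    Linux-only: reads /proc/<pid>/cmdline (the data ps prints) and checks
    the permission bits on /proc/<pid>/cmdline and /proc/<pid>/environ.
    """
    argv = [sys.executable, "-c", CHILD]
    env = dict(os.environ)
    if secret_in_argv:
        argv.append(SECRET)        # credential travels as a command-line argument
    else:
        env[ENV_NAME] = SECRET     # credential travels in the environment
    proc = subprocess.Popen(argv, env=env)
    try:
        base = f"/proc/{proc.pid}"
        with open(f"{base}/cmdline", "rb") as fh:
            cmdline = fh.read().split(b"\0")
        return {
            "secret_in_cmdline": SECRET.encode() in cmdline,
            "cmdline_world_readable": _others_can_read(f"{base}/cmdline"),
            "environ_world_readable": _others_can_read(f"{base}/environ"),
        }
    finally:
        proc.kill()
        proc.wait()


if __name__ == "__main__":
    for label, in_argv in (("argv", True), ("environment", False)):
        print(label, inspect_child(in_argv))
```

On Linux, `/proc/<pid>/environ` is readable by the process owner and by root, so the environment variable hides the credential from other unprivileged users, not from the same account.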
