Re: SQL-LOAD / SQL-PLUS show info on USERID/PSSWRD

From: Don Vick <dvick_at_lanier.com>
Date: Wed, 7 Dec 1994 04:07:07 GMT
Message-ID: <D0FA3v.F45_at_lanier.com>


In article <3c23oh$78o_at_usenet.rpi.edu>, Adam Hoffman <hoffma_at_rpi.edu> wrote:
>In article <gommans.42.2EE45E4C_at_iso.few.eur.nl>, gommans_at_iso.few.eur.nl (Leon Gommans) says:
>>
>>Working a lot with SQL-LOAD and SQL-PLUS I yesterday found something that frightend
>>me. When calling SQL-LOAD from a script I have to include USERID/PSSWRD. I don't like it
>>this way, but if you're carefull, no problem. But when I started SQL-LOAD and looked at the
>>processes (ps -aux) I was amazed.
>>
>>It looked something like:
>>
>>oracle 2140 0.0 0.0 180 0 ? IW 09:51 0:01 sql-load USERID/PSSWRD ..... etc.
>>
>Could you use OPS$ accounts for this job? This way only the / will
>show if someone does a ps on the process.

This is apprently a problem on all Unix platforms (at least). We use OPS$ accounts extensively to get around the problem. You can combine this with judicious use of the su command (encapsulated in a compiled program to avoid putting the password in the clear) to allow authorized users to execute Oracle utilities in the name of a privileged user, e.g.,

        become.dba sqlplus / _at_script

instead of:

        sqlplus system/manager



Donald E. Vick (dvick_at_lanier.com, dvick_at_crl.com) Voice: (404) 493-2194 Fax: (404) 493-2399 Received on Wed Dec 07 1994 - 05:07:07 CET

Original text of this message