Re: Oracle Security

From: Lee E Parsons <lparsons_at_world.std.com>
Date: Mon, 23 Jan 1995 18:54:35 GMT
Message-ID: <D2vGIz.4Cy_at_world.std.com>


>A script file doesn't help! I just wrote a script file sqlplus and called it
>as "sqlplus bla/bla". Here's what ps -e gives in another telnet session on the
>same machine:

Are you execing the real sqlplus or just running it? The following hack works in my environment.

It also has the nice effect of keeping the username portion of the connect string. The real plus picks up seamlessly and asks for the password.

Comments?



#!/bin/ksh
#
# chop out the password and exec sqlplus
#
# turns
# sqlplus scott/tiger into sqlplus scott
# sqlplus scott/tiger@t:SYSTEM:DB into sqlplus scott@t:SYSTEM:DB
#
# There is of course a race condition that would allow you to see
# the password as it is passed to the script but in practical terms
# this is hard to do using just ps
#
# I tried it with an endless loop and couldn't catch the password
# before it was pushed out of the process table
#

# first sed expression handles user/password@db, second handles user/password
USER=`echo "$1" | sed "s?/.*@?@?;s?/.*??"`
# replace this script with the real sqlplus, passing only user or user@db
exec sqlplus $USER
-- 
Regards, 

Lee E. Parsons                  		
Systems Oracle DBA	 			lparsons_at_world.std.com
Received on Mon Jan 23 1995 - 19:54:35 CET
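
As an added example (not part of the original post), a POSIX sh audit that reads ps-style lines and reports sqlplus processes still carrying a password in their arguments, masking it at the same boundaries the wrapper's sed uses. The sample lines, the /u01/app/bin path and the function names are constructed, and it assumes the logon is the first argument that does not start with "-".

```sh
#!/bin/sh
# Added example, not from the original post. Sample data is constructed.

# mask_logon ARG: if ARG is user/password or user/password@db, print it with
# the password masked and return 0; otherwise print nothing and return 1.
mask_logon() {
    case $1 in
        /*|@*|-*) return 1 ;;   # /nolog, @script.sql, options
        */*) ;;                 # has a slash: candidate logon
        *) return 1 ;;          # bare user or user@db
    esac
    user=${1%%/*} rest=${1#*/}
    case $user in *@*) return 1 ;; esac   # slash belongs to the @db part
    case $rest in
        *@*) pw=${rest%@*} db=@${rest##*@} ;;   # split at the last @, as the sed does
        *)   pw=$rest db= ;;
    esac
    [ -n "$pw" ] || return 1
    printf '%s/****%s\n' "$user" "$db"
}

# find_exposed_logins: read "PID COMMAND ARGS..." lines on stdin and print
# "PID COMMAND masked-logon" for each sqlplus process exposing a password.
# Assumption: the logon is the first argument that does not start with "-".
find_exposed_logins() (
    set -f   # no globbing while splitting ARGS; the subshell keeps this local
    while read -r pid cmd args; do
        [ "${cmd##*/}" = sqlplus ] || continue
        for a in $args; do
            case $a in -*) continue ;; esac
            if masked=$(mask_logon "$a"); then
                printf '%s %s %s\n' "$pid" "$cmd" "$masked"
            fi
            break
        done
    done
)

# Constructed sample in the shape of `ps -e -o pid= -o args=` output.
sample_ps() {
    cat <<'EOF'
  101 sqlplus scott/tiger
  102 /u01/app/bin/sqlplus -s scott/tiger@t:SYSTEM:DB @nightly.sql
  103 sqlplus scott
  104 sqlplus /nolog
  105 sqlplus scott@t:SYSTEM:DB @reports/run.sql
  106 vi notes/sqlplus.txt
EOF
}

sample_ps | find_exposed_logins
```

On a live host, pipe `ps -e -o pid= -o args=` into find_exposed_logins; each hit is a job to change so that sqlplus prompts for the password, as the wrapper does.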
