Re: Oracle Security

From: Stephen Knilans <stephenk_at_netcom.com>
Date: Sat, 28 Jan 1995 16:41:16 GMT
Message-ID: <stephenkD34Jos.HKr_at_netcom.com>


In article <3gcai9$iu6_at_maple.can.net> kuliga_at_maple.can.net (Andrew Kulig) writes:
>
>
>schueman_at_access.digex.net (Greg Schueman) wrote:
>
>
>>
>>We did the obvious - renamed SQL/PLUS, wrote a C program that
>took the arguments passed, shifted them about 20 bytes to the
>right (i.e. right-justified with blanks), then called the
>re-named SQL/PLUS. In our UNIX anyway, ps -ef only shows about
>the first 20 bytes of the invoking command..but SQL/PLUS parses
>the whole line correctly and finds the uid/pswd.

CAREFUL! ps, to keep from being, I/O bound, displays only PART of the command! MANY versions have an option, usually -w as I recall, to show a larger part of the line! BTW the < > constructs apparantly are excluded from all versions, though the | (pipe) construct creates sub processes that are apparant.

Steve Received on Sat Jan 28 1995 - 17:41:16 CET

Original text of this message