Re: Security question: sqlplus and the ps cmd on Unix

From: Stalker <ktoepke_at_infinet.com>
Date: 1995/03/29
Message-ID: <3lcmn0$dns_at_rigel.infinet.com>#1/1


In article <3lbti6$k6m_at_panix.com>, Eli Haber <haber_at_panix.com> wrote:
>I am having a security problem with Oracle and Unix.
>

 <stuff deleted>
>
>sqlplus scott/tiger
>
>(Of course, they use their own Oracle ID and password.)
>
>The problem is this: If you use the Unix ps command to
>see what processes are running and you use the -f option,
>you can see the entire command line entered by another
>user, thus enabling you to see their password.
>
>Is there any way around this?
>

I think you can do it if you create a dymmy shell script and place it in $ORACLE_HOME/bin that calls the real sqlplus command in some other (hidden) location. This shell script should call the real sqlplus with the /NOLOG parameter.

An example shell script:
#!/bin/sh
exec /some/other/directory/sqlplus /NOLOG $* #__eof__

No guarentees that this will work (I can't test it right now as I don't have access to Oracle from home.)

Kevin Toepke

-- 
+-----------------------------------+---------------------------------------+
| ktoepke_at_infinet.com               | Constuction Zone                      |
| ktoepke_at_freenet.columbus.oh.us    |                                       |
+-----------------------------------+---------------------------------------+
Received on Wed Mar 29 1995 - 00:00:00 CEST

Original text of this message