Re: Security question: sqlplus and the ps cmd on Unix

From: Todd Helfter <tmh_at_extra.cc.purdue.edu>
Date: 1995/03/30
Message-ID: <3lejtg$fb7_at_mozo.cc.purdue.edu>#1/1


In article <3lc7cg$m8a_at_athos.cc.bellcore.com>, parris_at_walleye.esp.bellcore.com (Parris Geiser) writes:
|> Eli Haber (haber_at_panix.com) wrote:
|> > I am having a security problem with Oracle and Unix.
|> >
|> > We have Oracle 7.1 installed on a SCO Unix server. Often,
|> > people log in to the Server and run SQLPlus from there
|> > using the command line:
|> >
|> > sqlplus scott/tiger
|> >
|> > (Of course, they use their own Oracle ID and password.)
|> >
|> > The problem is this: If you use the Unix ps command to
|> > see what processes are running and you use the -f option,
|> > you can see the entire command line entered by another
|> > user, thus enabling you to see their password.
|> >
|> > Is there any way around this?
|>
|> I'll tell you what I did ...
|> Use sqlplus -S -S -S .......... scott/tiger

Don't forget that on an XTERM one can resize the window to see more of the ps line than 80 characters.

|> I.e., put in enough -S's so that the ps doesn't show the passwd.
|> A kludge but it works.
|> parris
 

-- 
	 .-----------------------------.
	|        Todd M. Helfter	|
	|    tmh_at_staff.cc.purdue.edu	|
	 `-----------------------------'
Received on Thu Mar 30 1995 - 00:00:00 CEST
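
An added example, not part of the original thread: a shell audit an administrator could run over `ps -ef` output to find sqlplus processes whose command line carries a user/password token, including ones padded with repeated -S as described above. The sample ps lines, login names and install path are constructed, and the function name is hypothetical; the password itself is never printed.

```shell
#!/bin/sh
# Audit ps -ef style output for sqlplus logons that put a password in argv.
# Output: one line per finding, "unix-user pid oracle-user" (password omitted).

find_exposed_sqlplus() {
    awk '
    {
        seen = 0
        for (i = 1; i <= NF; i++) {
            if (!seen) {
                # locate the sqlplus command, with or without a leading path
                if ($i == "sqlplus" || $i ~ /\/sqlplus$/) seen = 1
                continue
            }
            c = substr($i, 1, 1)
            # skip options, so -S padding does not hide the logon token
            # (simplification: options that take a value are not handled)
            if (c == "-") continue
            # first non-option token is the logon string or an @script
            slash = index($i, "/")
            # user/password or user/password@db is a finding;
            # /nolog, a bare user name, and user/@db are not
            if (c != "@" && slash > 1 && length($i) > slash &&
                substr($i, slash + 1, 1) != "@")
                print $1, $2, substr($i, 1, slash - 1)
            next
        }
    }'
}

# Constructed sample input in ps -ef layout (not captured from a real host).
sample_ps() {
    cat <<'EOF'
UID    PID PPID C STIME TTY       TIME CMD
alice  101   90 0 09:12 ttyp1 00:00:00 sqlplus scott/tiger
bob    102   91 0 09:13 ttyp2 00:00:00 sqlplus -S -S -S -S -S -S scott/tiger
carol  103   92 0 09:14 ttyp3 00:00:00 /u01/oracle/bin/sqlplus /nolog
dave   104   93 0 09:15 ttyp4 00:00:00 sqlplus scott
root   105    1 0 09:00 ?     00:00:01 /etc/cron
EOF
}

# Stand-alone run over the sample; on a live host use: ps -ef | find_exposed_sqlplus
sample_ps | find_exposed_sqlplus
```

The padded invocation is still reported because the full argument list remains in the process table regardless of how much of it a terminal shows.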
