Re: Security question: sqlplus and the ps cmd on Unix
Date: 1995/03/30
Message-ID: <3lejtg$fb7_at_mozo.cc.purdue.edu>#1/1
In article <3lc7cg$m8a_at_athos.cc.bellcore.com>, parris_at_walleye.esp.bellcore.com (Parris Geiser) writes:
|> Eli Haber (haber_at_panix.com) wrote:
|> > I am having a security problem with Oracle and Unix.
|> > We have Oracle 7.1 installed on a SCO Unix server. Often.
|> > people log in to the Server and run SQLPlus from there
|> > using the command line:
|> > sqlplus scott/tiger
|> > (Of course, they use their own Oracle ID and password.)
|> > The problem is this: If you use the Unix ps command to
|> > see what processes are running and you use the -f option,
|> > you can see the entire command line entered by another
|> > user, thus enabling you to see their password.
|> > Is there any way around this?
|>
|> I'll tell you what I did ...
|> Use sqlplus -S -S -S .......... scott/tiger
Don't forget that on an XTERM one can resize the window to see more of the ps line than 80 characters.
|> I.e., put in enough -S's so that the ps doesn't show the passwd.
|> A kludge but it works.
|> parris
-- .-----------------------------. | Todd M. Helfter | | tmh_at_staff.cc.purdue.edu | `-----------------------------'Received on Thu Mar 30 1995 - 00:00:00 CEST