Re: Security question: sqlplus and the ps cmd on Unix
Date: 1995/03/30
Message-ID: <D69wsM.6LE_at_eskimo.com>#1/1
> Eli Haber (haber_at_panix.com) wrote:
> The problem is this: If you use the Unix ps command to
> see what processes are running and you use the -f option,
> you can see the entire command line entered by another
> user, thus enabling you to see their password.
>
> Is there any way around this?
The short answer is change the way ps works or change the way sqlplus works.
You can disable or front end ps so that regular users can't see comand line information.
or
You can front end sqlplus with a version that exec's the real sqlplus. Your exec could pass on NO arguments (forcing the user to key in the user/pwd) or you could put a bunch of spaces between sqlplus and the username/password combination. ps normally doesn't display the 500th character on the command line.
Oracle Support will fax you a copy to do the latter if you ask. (And pay your support bills)
-- Regards, Lee E. Parsons Systems Oracle DBA lparsons_at_world.std.comReceived on Thu Mar 30 1995 - 00:00:00 CEST