Re: Security question: sqlplus and the ps cmd on Unix

From: Joe Nardone <nardone_at_clark.net>
Date: 1995/03/30
Message-ID: <3ld2nr$iok_at_clarknet.clark.net>#1/1

Eli Haber (haber_at_panix.com) wrote:
: I am having a security problem with Oracle and Unix.

: The problem is this: If you use the Unix ps command to
: see what processes are running and you use the -f option,
: you can see the entire command line entered by another
: user, thus enabling you to see their password.

: Is there any way around this?

Yes- don't type your password on the command line.

This is not a security problem, this is carelessness on the part of your users.

SOme other possibilities on getting around this (with varying levels of security)-
1. use OPS$ accounts. THen they can log in to Oracle using

sqlplus /

2. tell them to create a shell script with the right permissions (700) that contains

sqlplus user/password

Joe

--

=------------------------------------------------------------------=
Joe Nardone          |  "                          ." - excerpt 
nardone_at_clark.net    |    from the Richard Nixon White House Tapes

Received on Thu Mar 30 1995 - 00:00:00 CEST

This message: [ Message body ]
Next message: Brian Graham: "Re: Security question: sqlplus and the ps cmd on Unix"
Previous message: Gary Gapinski: "Re: Security question: sqlplus and the ps cmd on Unix"
In reply to: Eli Haber: "Security question: sqlplus and the ps cmd on Unix"
In reply to Eli Haber: "Security question: sqlplus and the ps cmd on Unix"
Next in thread: Brian Graham: "Re: Security question: sqlplus and the ps cmd on Unix"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message