Re: Security question: sqlplus and the ps cmd on Unix

From: Sue Kudenchak <sarroyo_at_cnj.digex.net>
Date: 1995/04/03
Message-ID: <3lp2da$4fs_at_cnj.digex.net>#1/1


In article <3lhqma$l9i_at_mother.usf.edu>,
Mike Rife <rife_at_aarlo.moffitt.usf.edu> wrote:

>In article <3lc7cg$m8a_at_athos.cc.bellcore.com>, parris_at_walleye.esp.bellcore.com (Parris Geiser) says:
>>
>>Eli Haber (haber_at_panix.com) wrote:
>>> user, thus enabling you to see their password.
 

>>> Is there any way around this?
>>
>>I'll tell you what I did ...
>>Use sqlplus -S -S -S .......... scott/tiger
>>I.e., put in enough -S's so that the ps doesn't show the passwd.
>>A kludge but it works.
>> parris
>

All someone would have to do was redirect the output of this to a file and look at it - that kludge only pushes the password off the screen; unfortunately, it doesn't remove it from the output.

>What we did on SCO Unix was to remove the 'mem' Unix privilege for
>the users' Unix accounts. So now when they do the 'ps' command
>they only get information about their own account's processes. We
>made this the default for the creation of Unix accounts on our system.
>We enable it for developers.

I'm a Unix SA (Sun Solaris and Sequent), and have not heard of this 'mem' privilege. Is this specific to SCO?

-- 
--------------------------------------------------
Sue Kudenchak	Currently SKud, Formerly Sue Arroyo
Plan: 		To grow coconuts in Bora-Bora
Internet:	sarroyo_at_cnj.digex.com
Received on Mon Apr 03 1995 - 00:00:00 CEST
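
An audit check for the exposure discussed in this thread, added here as an example and not part of the original posts: it scans process argument lists for sqlplus started with user/password and reports the owner with the password redacted. The sample records, the /u01 path, the function names and the NUL-separated layout (as in Linux /proc/<pid>/cmdline) are assumptions constructed for the demonstration.

```python
import re

# sqlplus logon argument: user/password with an optional @service suffix.
# "/nolog", "/" (OS authentication) and "@script.sql" do not match.
LOGON = re.compile(r"^(?P<user>[^/@\s]+)/(?P<password>[^@\s]+)(?P<service>@\S+)?$")

def parse_cmdline(raw):
    """Split a NUL-separated argv buffer into a list of arguments."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]

def exposed_credentials(processes):
    """Return (pid, owner, redacted_logon) for each sqlplus run with a password in argv."""
    findings = []
    for pid, owner, raw in processes:
        argv = parse_cmdline(raw)
        if not argv or argv[0].rsplit("/", 1)[-1] != "sqlplus":
            continue
        for arg in argv[1:]:
            if arg.startswith(("-", "@")):
                continue  # option or start script, not a logon string
            m = LOGON.match(arg)
            if m:
                # Never echo the password itself into the audit report.
                findings.append((pid, owner, m["user"] + "/****" + (m["service"] or "")))
    return findings

# Constructed sample: (pid, owner, raw argv). The first entry is the "-S" padding
# kludge from the thread; the padding changes nothing because the whole argument
# vector is still readable, only the terminal display is truncated.
SAMPLE = [
    (101, "batch", b"sqlplus\0" + b"-S\0" * 40 + b"scott/tiger\0"),
    (102, "dev", b"/u01/app/oracle/bin/sqlplus\0-S\0/nolog\0@load.sql\0"),
    (103, "sue", b"vi\0notes/todo\0"),
]

if __name__ == "__main__":
    for pid, owner, logon in exposed_credentials(SAMPLE):
        print(f"pid {pid} ({owner}): password on command line: {logon}")
```
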
