Re: Security question: sqlplus and the ps cmd on Unix

From: Lee Parsons <lparsons_at_eskimo.com>
Date: 1995/04/12
Message-ID: <D6wFJB.nw_at_eskimo.com>#1/1


Joel Garry <joelga_at_rossinc.com> wrote:
>In article <D69wsM.6LE_at_eskimo.com> lparsons_at_eskimo.com (Lee Parsons) writes:
>>
>>You can front end sqlplus with a version that exec's the real sqlplus.
>>Your exec could pass on NO arguments (forcing the user to key in the user/pwd)
>>or you could put a bunch of spaces between sqlplus and the username/password
>>combination. ps normally doesn't display the 500th character on the command
>>line.
>
>It does on hp/ux.

But does it display 2000 characters? I can't test hp/ux, but the point is that exec handles a very long input string and ps only displays a long string.

Can you vary the magic input number and find a length that isn't displayed?

-- 
Regards, 

Lee E. Parsons                  		
Systems Oracle DBA	 			lparsons_at_world.std.com
Received on Wed Apr 12 1995 - 00:00:00 CEST
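
An added example, not part of the original post: a shell check over "PID ARGS" lines (format assumed, e.g. from `ps -eo pid,args`) that flags sqlplus processes carrying a user/password logon on the command line. It shows that space padding only moves the credential past a truncated display while it stays in the argument list; the PIDs, paths and the scott/tiger logon are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads "PID ARGS..." lines (assumed format, e.g. from `ps -eo pid,args`)
# and prints the PID of every sqlplus process whose logon argument
# contains a password (user/password or user/password@connect).
find_exposed_sqlplus() {
    awk '
    {
        n = split($2, path, "/")          # basename of the command word
        if (path[n] != "sqlplus") next
        for (i = 3; i <= NF; i++) {
            if ($i ~ "^-") continue       # skip options such as -s
            # awk field splitting ignores the run of padding spaces,
            # so a padded logon is seen exactly like an unpadded one.
            if ($i ~ "^[^/@]+/[^@]+(@.*)?$") print $1
            break                         # only the first non-option is the logon
        }
    }'
}

# Constructed sample process list; PIDs, paths and logons are made up.
sample_ps_lines() {
    echo '4101 sqlplus scott/tiger'
    printf '%s%500s%s\n' '4102 /u01/app/oracle/bin/sqlplus' '' 'scott/tiger@orcl'
    echo '4103 sqlplus /nolog'
    echo '4104 sqlplus -s scott@orcl'
    echo '4105 sqlplus'
    echo '4106 vi scott/tiger.sql'
}

# Same list as a viewer limited to 80 columns would show it.
truncated_view() { sample_ps_lines | cut -c1-80; }

echo "full argument list: $(sample_ps_lines | find_exposed_sqlplus | tr '\n' ' ')"
echo "80-column view:     $(truncated_view | find_exposed_sqlplus | tr '\n' ' ')"
```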
