Re: Hiding username/password from ps

randyd_at_cais3.cais.com (Randy Dewoolfson) writes:

>Andy Caiger (Andy.Caiger_at_bbsrc.ac.uk) wrote:
 

>: Hi,
 

>: We're running SQL*Plus and SQL*Forms from Tcl-Tk scripts on Solaris
>: 2.4 and we've noticed that if you put the username and password on the
>: command line they show up to anyone who does "ps -ef".
 

>: Has anyone discovered a way round this ? It looks like sqlplus might take
>: the password on the standard input, but what about runform ?
 

>: Looking forward to the answer....
 

>: Andy
 

>You can try to embed the user name and password in environment
>variables, and use these when you actually run the script. Then
>they will be invisible to ps.

This isn't necessarily an ORACLE issue to mask or hide system command line options. Embeding accounts and passwords in files is a potential security hole waiting to be opened. Writing a ps wrapper is necessarily, IMOP, a good idea either. Users can easily find the real ps and if done wrong, you can really screw your system.

Get the hide.c code from Oracle which pads command line arguments with 3000 blanks. Or, ask me to email it to you. Works great.

-- 
Neil Greene
Senior Oracle DBA / Unix System Administrator
SHL Systemhouse, Inc.  	LA Outsourcing Center 	
<HREF=mailto:ngreene_at_shl.com>
-- 
Neil Greene
Senior Oracle DBA / Unix System Administrator
SHL Systemhouse, Inc.  	LA Outsourcing Center 	
<HREF=mailto:ngreene_at_shl.com>