Re: [Q] about hiding command line password in UNIX

From: John P. Higgins <jh33378nospam_at_deere.com>
Date: 1998/03/26
Message-ID: <351AD3B3.66D9_at_deere.com>#1/1


There are versions of the ps command that reveal each process's environment. If that is true on your system, it is not safe to have passwords as environment variables.

Sanjay T. Mathew wrote:
>
> Yes you can do it. I have a written a small utility which is just a layer
> over sqlplus
> and you can pass arguments to it. The utilitty reads the password and the
> userid
> from a setup file. The script file is attached.
> In the script variables dbuser , dbpasswd , and cur_env
> are set up after reading from a enviornment file.
>
> Cheers
> Sanjay T. Mathew
> Oracle 7 Certified DBA.
>
> Poorna Prakash wrote:
>
> Poorna Prakash wrote:
>
> > Hi Folks,
> >
> > When invoking SQL scripts with parameters (&1,&2...), from the operating
> > system, I specify the parameters on the command line. Since some of the
> > scripts have several 'CONNECT' statements, I pass passwords
> > of user accounts.
> >
> > In Unix the command to check process information, ps -ef, displays
> > the programs currently executing and there I see my program with the
> > password, which I entered on the command line.
> >
> > Is there a way by which I could suppress, by specifying a password file
> > which sqlplus executable will look for to match a user account. A very
> > similar example would be, the command ftp which looks for file '.netrc'
> > to connect to a remote machine when invoked using 'here documents', in a
> > shell program.
> >
> > Any suggestion is very much appreciated. Thanks.
> >
> > -Poorna Prakash
> > Oracle DBA
>
> ---------------------------------------------------------------
> # TITLE : SQL*Plus Invoking Utility
> #
> # MODULE : sqp
> #
> # AUTHOR : Sanjay Mathew
> #
> # Overview: : Major Funcitionality hides password from ps command.
> # This script assumes the variables dbuser,dbpasswd and cur_env(database_name)
> # are already set up by the calling program.
> # The script can accept upto three agrgument. If more is needed
> # it can be added.
> #
> # Usage : sqp <instance name> <script name> [arg1] [arg2] [arg3] [arg4]
> #
> # Arguments : $1 Database Name
> # $2 Script Name
> # $3 1st Argument to the SQL Script in Argument No 2
> # $4 2nd Argument to the SQL Script in Argument No 2
> # $5 3nd Argument to the SQL Script in Argument No 2
> #
> # Calls:
> #
> # Change History:
> # Change History:
> #
> # Ver Date Amended by Reason
> # --- ---- ---------- ------
> # 1.0 121097 S Mathew Initial
> #
> # *********************************************************
> #echo $$
> #echo $*
> #echo $0
>
> #
> # Initializing Variables
> #
> echo
> cur_env=$1
> script_name=$2
> arg1=$3
> arg2=$4
> arg3=$5
> sqlplus -s << EOF
> $dbuser/$dbpasswd_at_$cur_env
> _at_$script_name $arg1 $arg2 $arg3
> EOF
>
> #
> # End of Script
> #
Received on Thu Mar 26 1998 - 00:00:00 CET

Original text of this message