Re: [Q] about hiding command line password in UNIX
From: Bill Eggers <beggers_at_cns.eds.com>
Date: 1998/03/26
Message-ID: <351ACB29.5212_at_cns.eds.com>#1/1
> # Overview: : Major Funcitionality hides password from ps command.
> # This script assumes the variables dbuser,dbpasswd and cur_env(database_name)
> # are already set up by the calling program.
> # The script can accept upto three agrgument. If more is needed
The problem with doing this is that you can see the user's environment variables dbuser, dbpasswd by typing
_at_$script_name $arg1 $arg2 $arg3
EOF
Date: 1998/03/26
Message-ID: <351ACB29.5212_at_cns.eds.com>#1/1
Sanjay T. Mathew wrote:
. . . > ---------------------------------------------------------------> #
> # TITLE : SQL*Plus Invoking Utility
> #
> # MODULE : sqp
> #
> # AUTHOR : Sanjay Mathew
> # Overview: : Major Funcitionality hides password from ps command.
> # This script assumes the variables dbuser,dbpasswd and cur_env(database_name)
> # are already set up by the calling program.
> # The script can accept upto three agrgument. If more is needed
. . .
The problem with doing this is that you can see the user's environment variables dbuser, dbpasswd by typing
/usr/ucb/ps -auxwwe
(at least on Sun Solaris). I believe any BSD version of ps will do this. we have a slightly different version of your script,
which reads the username and password from a file instead. This way, the file can be secured from other users looking at it.#! /bin/sh
sqlplus -s << EOF
`cat /file/containing/connect/string`
echo
cur_env=$1
script_name=$2
arg1=$3 arg2=$4 arg3=$5
_at_$script_name $arg1 $arg2 $arg3
EOF
Bill Eggers beggers_at_cns.eds.comReceived on Thu Mar 26 1998 - 00:00:00 CET