Re: [Q] about hiding command line password in UNIX
From: Sherilyn <Sherilyn_at_sidaway.demon.co.uk>
Date: 1998/03/27
Message-ID: <6fgfj0$uod$1_at_nnrp1.dejanews.com>#1/1
Date: 1998/03/27
Message-ID: <6fgfj0$uod$1_at_nnrp1.dejanews.com>#1/1
In article <351ACB29.5212_at_cns.eds.com>,
beggers_at_cns.eds.com wrote:
[Solving password problems]
> The problem with doing this is that you can see the user's environment
> variables dbuser, dbpasswd by typing
>
> /usr/ucb/ps -auxwwe
>
> (at least on Sun Solaris). I believe any BSD version of ps
> will do this.
It's okay to use shell variables; what you must not do is export the password variable, because if you do it'll show up visibly in the environment of the shell's child processes (sqlplus, for example).
> #! /bin/sh
> sqlplus -s << EOF
> `cat /file/containing/connect/string`
etc
Not bad. And nothing to stop you stopping and asking for login string if it's interactive and especially sensitive.
-- Sherilyn -----== Posted via Deja News, The Leader in Internet Discussion ==----- http://www.dejanews.com/ Now offering spam-free web-based newsreadingReceived on Fri Mar 27 1998 - 00:00:00 CET