| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.tools -> Re: Passwords
Jim wrote:
>
> People,
>
> Do not use the sqlplus username/password when logging onto Oracle.
>
> By doing a simple ps -ef | grep sqlplus, usernames and passwords are
> clearly visible.
>
> Example:
> sqlplus lcos_owner/?????????????????
>
> Since this has the word owner, one would guess that this could be
> production data. Guess the person isn't smart enough to realize that
> they could jepardize the data and it's integrity.
>
> Be smart....just enter sqlplus THEN your username and password.
>
> Jim
> --
> I'm too busy at work to waste billable time to answer questions.
If you are running scripts in cron and need to enter a username/password, you can use input redirection to hide the info from prying eyes. In the example below, everything between the EOF markers is sent to the program after it is invoked. Someone using ps would see that you are running sqlplus, but would not see your username/password.
sqlplus <<EOF
myuser/mypassword
@myscript.sql
exit
EOF
Note that although we realize that is it sometimes necessary to
hard-code passwords in script files, it would be much better if you set
up the oracle accounts that you use through cron as OPS$ accounts so
that all you need to specify as a username/password is '/'.
-- Bob Swisshelm Eli Lilly and Company swisshelm_at_lilly.comReceived on Mon Mar 03 1997 - 00:00:00 CST
 |
 |