Re: Keeping Passwords Secure

Mike DeVito <74634.3522_at_CompuServe.COM> wrote:
>In hp/ux there is a
>kernel parameter to limit the display of the command line from
>ps, which is the best that Oracle's own consultants have been
>able to come up with so far.

A kernel parameter to limit output from ps? If someone has asked me if such a beastie existed I would have have laughed in their face and told them to buy a OS book. What does this parameter do and what is it called.

Does it purchance control BSD vs SysV behavior? That would explain why it changeds ps' mannerisms. Pls drop me a line if you know.

>Please let me know if you come up with anything better!

Better is a subjective term. Oracle itself usually recommends you put a frontend on sqlplus, forms and whatever. the frontend would suck up the command line, put about a billion spaces between the first argument (sqlplus) and the second argument (scott/tiger) and exec the REAL sqlplus with the changed commandline. The spaces would prevent ps from displaying the password. if you call them and open a tar they will send you a copy of a program to do this. It is called hide.c

I dont really like this solution much however. It requires you to frontend a million Oracle programs and scripts. Sooner or later that will bite you. I would rather put some kind of front end on ps. The Unix boys wouldn't like it but it would be a single point solution

-- 
Regards, 

Lee E. Parsons                  		
Systems Oracle DBA	 			lparsons_at_world.std.com