Re: Security question: sqlplus and the ps cmd on Unix

From: Parris Geiser <parris_at_walleye.esp.bellcore.com>
Date: 1995/03/29
Message-ID: <3lc7cg$m8a_at_athos.cc.bellcore.com>#1/1


Eli Haber (haber_at_panix.com) wrote:
> I am having a security problem with Oracle and Unix.
>
> We have Oracle 7.1 installed on a SCO Unix server. Often,
> people log in to the Server and run SQLPlus from there
> using the command line:
>
> sqlplus scott/tiger
>
> (Of course, they use their own Oracle ID and password.)
>
> The problem is this: If you use the Unix ps command to
> see what processes are running and you use the -f option,
> you can see the entire command line entered by another
> user, thus enabling you to see their password.
>
> Is there any way around this?

I'll tell you what I did ...
Use

    sqlplus -S -S -S .......... scott/tiger

I.e., put in enough -S's so that the ps doesn't show the passwd.
A kludge but it works.

        parris

Received on Wed Mar 29 1995 - 00:00:00 CEST
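
Added example, not part of the original post or of Oracle's tooling: a small audit that scans `ps -ef` style output for SQL*Plus command lines where a user/password logon string is visible, reporting the process and Oracle user with the password masked. The sample listing, its column layout (UID in field 1, PID in field 2), the `/u01/bin` path and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a `ps -ef` style listing
# for SQL*Plus command lines that show a user/password logon string.

# Constructed sample listing. Assumed layout: UID in field 1, PID in field 2.
# PID 102 is what a listing looks like when it is cut off before the logon.
sample_ps() {
cat <<'EOF'
UID   PID PPID C STIME TTY   TIME CMD
alice 101    1 0 09:00 ttyp0 0:00 sqlplus scott/tiger
bob   102    1 0 09:01 ttyp1 0:00 sqlplus -S -S -S -S -S -S -S -S -S -S -S -S
carol 103    1 0 09:02 ttyp2 0:00 sqlplus scott
dave  104    1 0 09:03 ttyp3 0:00 /u01/bin/sqlplus -S system/manager@prod @rep.sql
erin  105    1 0 09:04 ttyp4 0:00 sqlplus /nolog
EOF
}

# Prints "PID unix_owner oracle_user/****" for each exposed logon.
find_exposed_logins() {
  awk '
    NR == 1 { next }                      # skip the ps header
    {
      cmd = 0
      for (i = 1; i <= NF; i++)
        if ($i ~ /(^|\/)sqlplus$/) { cmd = i; break }
      if (!cmd) next                      # not a sqlplus process
      for (j = cmd + 1; j <= NF; j++) {
        if ($j ~ /^[-@]/) continue        # option or @script, not the logon
        slash = index($j, "/")
        # A password is present only with text on both sides of the slash;
        # "scott" prompts for it, "/" and "/nolog" carry none.
        if (slash > 1 && length($j) > slash)
          print $2, $1, substr($j, 1, slash - 1) "/****"
        break                             # first operand is the logon string
      }
    }'
}

sample_ps | find_exposed_logins
```

Run it against a live system with `ps -ef | find_exposed_logins`. The audit sees only what `ps` prints, so an entry like PID 102 is not reported when the logon string is absent from the listing text.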
