Re: Security question: sqlplus and the ps cmd on Unix

From: Joel Garry <joelga_at_rossinc.com>
Date: 1995/04/10
Message-ID: <1995Apr10.221026.781_at_rossinc.com>#1/1


In article <D69wsM.6LE_at_eskimo.com> lparsons_at_eskimo.com (Lee Parsons) writes:
>> Eli Haber (haber_at_panix.com) wrote:
>> The problem is this: If you use the Unix ps command to
>> see what processes are running and you use the -f option,
>> you can see the entire command line entered by another
>> user, thus enabling you to see their password.
>>
>> Is there any way around this?
>
>
>The short answer is change the way ps works or change the way sqlplus works.
>
>You can disable or front end ps so that regular users can't see command
>line information.
>
>or
>
>You can front end sqlplus with a version that exec's the real sqlplus.
>Your exec could pass on NO arguments (forcing the user to key in the user/pwd)
>or you could put a bunch of spaces between sqlplus and the username/password
>combination. ps normally doesn't display the 500th character on the command
>line.

It does on hp/ux.

>
>Oracle Support will fax you a copy to do the latter if you ask. (And
>pay your support bills)
>
>--
>Regards,
>
>Lee E. Parsons
>Systems Oracle DBA lparsons_at_world.std.com

-- 
Joel Garry           joelga_at_amber.rossinc.com            Compuserve 70661,1534
These are my opinions, not necessarily those of Ross Systems, Inc.
%DCL-W-SOFTONEDGEDONTPUSH, Software On Edge - Don't Push.  
panic: ifree: freeing free inodes...
Received on Mon Apr 10 1995 - 00:00:00 CEST
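
The front-end approach discussed in this thread, sketched as an added example (it is not code from the posts and not the wrapper Oracle Support distributes). The `REAL_SQLPLUS` path, the function names and the sample `ps -ef` lines are assumptions made for illustration; it also goes one step further than the thread by auditing `ps` output for logon strings that are already exposed.

```shell
#!/bin/sh
# Added example: keep Oracle passwords out of argv, where ps -f can show them.
# REAL_SQLPLUS is an assumed path to the renamed vendor binary.
REAL_SQLPLUS="${REAL_SQLPLUS:-/opt/oracle/bin/sqlplus.real}"

# Succeeds (0) when one argument looks like user/password[@db].
# "/" (OS authentication), /nolog, options and @script files carry no password.
has_inline_password() {
    case "$1" in
        /|/[Nn][Oo][Ll][Oo][Gg]|-*|@*) return 1 ;;
        ?*/?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Front end: refuse a logon string that carries a password, otherwise exec
# the real binary so the user is prompted for the password instead.
sqlplus_front() {
    for arg in "$@"; do
        if has_inline_password "$arg"; then
            echo "sqlplus: no password on the command line; wait for the prompt" >&2
            return 64
        fi
    done
    exec "$REAL_SQLPLUS" "$@"
}

# Audit: read `ps -ef` lines on stdin (PID is field 2) and print the PID of
# each sqlplus process whose arguments expose a password. Runs in a subshell
# with globbing off so the unquoted word split cannot expand wildcards.
audit_ps() (
    set -f
    while read -r _user pid rest; do
        seen=0
        for word in $rest; do
            if [ "$seen" = 1 ] && has_inline_password "$word"; then
                echo "$pid"
                break
            fi
            case "$word" in sqlplus|*/sqlplus) seen=1 ;; esac
        done
    done
)

# Constructed sample ps -ef output (not from a real system).
SAMPLE_PS='scott 4242 4100 0 10:01 pts/1 00:00:00 sqlplus -S scott/tiger@orcl
hr 4250 4100 0 10:02 pts/2 00:00:00 sqlplus /nolog
root 4300 1 0 09:00 ? 00:00:01 /usr/sbin/cron'

# Act as the front end only when installed under the name "sqlplus".
case "${0##*/}" in sqlplus) sqlplus_front "$@" ;; esac
```

A rejected invocation has already placed the password in the wrapper's own argument list for the moment it runs, so the wrapper enforces the habit rather than hiding a mistake; `ps -ef | audit_ps` finds sessions started some other way.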
