Re: Security question: sqlplus and the ps cmd on Unix
Date: 1995/04/20
Message-ID: <3n6aq1$dc1_at_sword.eng.pyramid.com>#1/1
bagley (bagley_at_vt.edu) wrote:
: You don't really have to go to all that trouble. Here is what I did.
: 1. Create a file that contains you id and password (ex larry/goodday).
: The files name could be logid.sql.
: 2. Make the file read/write only be the owner.
: 3. Create another file that is r/w/e by owner. I called mine sql.
: 4. In this file include the command sqlplus _at_logid.
: 5. To logon to sqlplus just execute the sql file. It will pickup the
: sqlplus command and should log you on to sqlplus.
: Now when someone uses the ps command all they should see is sqlplus
: _at_logon.
: FYI We are using version 7.0 of Oracle.
: If you chech the help sqlplus after logging on to sqlplus I think there
: is a blerb about the above procedures.
But others are still able to type "sqlplus security/breach"!!!
And what happens when you want to do "sqlplus security/breach _at_mysql"?
--
graeme
--
Disclaimer: The author's opinions are his own, and not necessarily
those of Pyramid Technology Ltd. or Pyramid Technology Inc.
---------------------------------------------------------------------------
-m------- Graeme Sargent Voice: +44 (0)252 373035
---mmm----- Senior Database Consultant Fax : +44 (0)252 373135
-----mmmmm--- Pyramid Technology Ltd. Telex: Tell who???
-------mmmmmmm- Farnborough, Hants GU14 7PL Email: graeme_at_pyra.co.uk
---------------------------------------------------------------------------
We have the technology. The tricky bit is learning how to use it.
Received on Thu Apr 20 1995 - 00:00:00 CEST