Hi Alan, Well you do have a point! We're only setting the environment variables that Oracle needs to be able to connect to the database - but still, you do have a point. If there's a better way of doing this I think it could be less of a worry for us. So if you have any suggestions we'd be most grateful.
thanks, Sally Fetouh >Message: 3 >From: "Alan DeKok" <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Re: Exec-Program-Wait > > That's called "security". Are you *sure* that you want shell >scripts executed with all of the login environment variables set? The >answer is almost always NO. > > More information given to a shell script means more possibilities >for that information to be abused to attack your system. e.g. Sending >User-Name with magic shell characters in it, in the hope that dumb >scripts will use them as-is. > > > I would strongly recommend setting only the MINIMUM environment >variables in the script. That will make things much safer. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
