RE: ps -ef | grep sqlplus

Tue, 19 Jun 2001 11:30:27 -0700 

Here is our method:

1. We save the passwords in a file using the OS level command CRYPT.
2. To run something we call a script file from Cron that first goes and gets
the encrypted password from config file.
3. Then we decrypt the password using CRYPT.
4. Then we start the sql process with the /nolog option.
5. Then we connect to the database using the connect
userid/password@database command.

This has a few advantages:
1. The passwords are not visible on the command line.
2. The passwords are not in every script file.  They are only kept in one
config file.
3. The config file only keeps encrypted passwords.



-----Original Message-----
Sent: Tuesday, June 19, 2001 1:38 PM
To: Multiple recipients of list ORACLE-L






hi,

do you know how to hide oracle passwords from ps -ef? we pass in our pw in
cron, and it shows up when you run ps -ef (to check unix processes). i
recognize that is this NOT a smart thing to do...

can anyone recommend a better way of supplying oracle passwords when
scripts are connecting to oracle? do you use config files that store
pws? just curious what everyone else is doing to plug this security hole.

thanks,
kris

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Kris Austin
  INET: [EMAIL PROTECTED]

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Kevin Lange
  INET: [EMAIL PROTECTED]

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).

Reply via email to