In NTFS you can set permissions on a file. But that wouldn't stop a
member of the administrator group.
What you need to do is to additionally encrypt the file or folder as well.
Then no one else can even list the contents of the folder, not even another
administrator. In XP it's as easy as right-clicking the file/folder,
selecting Properties, Advanced, 'Encrypt contents to secure data'. Now every
time you need access just double-click the file/folder. Decryption is
allowed only for you and occurs on the fly and transparently. But make sure
you back up your certificates just in case the system crashes and you have
to reinstall. You can then import your certificates and decrypt this folder.
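
The encrypt-and-back-up steps from the message above, done from a PowerShell prompt with the built-in cipher.exe, as an added example that is not part of the original post. Both paths are placeholders, and it assumes you run it as the account that runs the jobs, since EFS ties decryption to the account that encrypted the files.

```powershell
# Added example. Both paths are placeholders (assumptions), not from the thread.
$folder = 'D:\dbjobs\scripts'        # folder holding the job scripts
$backup = 'E:\efs-backup\jobs-efs'   # cipher /x appends .PFX to this name

# EFS only works on NTFS volumes, so stop early on anything else.
$root  = [System.IO.Path]::GetPathRoot($folder)
$drive = New-Object System.IO.DriveInfo($root)
if ($drive.DriveFormat -ne 'NTFS') {
    throw "$root is $($drive.DriveFormat); EFS needs NTFS"
}

# Command-line equivalent of Properties > Advanced >
# "Encrypt contents to secure data", applied to the folder and its subfolders.
cipher /e "/s:$folder"

# Do not trust the command alone: list anything that is still plaintext,
# for example files that were open while cipher ran.
$items = Get-ChildItem -Path $folder -Recurse -Force
$plain = $items | Where-Object {
    -not ($_.Attributes -band [System.IO.FileAttributes]::Encrypted)
}
if ($plain) {
    $plain | ForEach-Object { Write-Warning "Not encrypted: $($_.FullName)" }
}

# Show which certificates can decrypt one of the files. Any recovery
# certificate listed here belongs to someone other than the file owner.
# (cipher /c is available on Windows Vista and later.)
$first = $items | Where-Object { -not $_.PSIsContainer } | Select-Object -First 1
if ($first) { cipher /c $first.FullName }

# Back up the EFS certificate and private key to a password-protected .PFX.
# cipher prompts for confirmation and for the password interactively.
cipher /x $backup
```

Keep the resulting .PFX file and its password off the server it protects; anyone holding both can import the key and read the folder.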

----- Original Message -----
To: "Multiple recipients of list ORACLE-L" <[EMAIL PROTECTED]>
Sent: Wednesday, September 24, 2003 18:49


In Windows 2000 you can encrypt a file... Not sure how well that would work
though, since if you install your software as local administrator (not good
practice) then anyone else who logs in as administrator would be able to see
/ run the file too...

Patrice.

-----Original Message-----
Sent: Wednesday, September 24, 2003 9:55 AM
To: Multiple recipients of list ORACLE-L


Jared,

You said:

"One of the problems with Windohs is that you cannot execute a script
or program so that it can return a value to a local environment variable."

This is true. But to accomplish the same functionality, you can dynamically
create a temporary .bat file that creates the environment variable and then
execute that bat file.

Unfortunately on Windows, anything that you do can be repeated by someone
else who logs onto the system.  I guess you could secure a folder that only
the Oracle account could see, and have these scripts placed in those folders
so that the other users cannot get into them without rebooting the machine
and bringing it up in DOS mode.  That (I think) would prevent snooping.  Not
sure though.


Tom Mercadante
Oracle Certified Professional

-----Original Message-----
Sent: Tuesday, September 23, 2003 6:00 PM
To: Multiple recipients of list ORACLE-L



Paul,

Any chance these scripts could be run from Cygwin, Uwin, MKS Toolkit,
or anything that will let you use a korn shell?

That would simplify things tremendously.

One of the problems with Windohs is that you cannot execute a script
or program so that it can return a value to a local environment variable.

That ability would make this task simple from command.com.

Another possibility is to put your passwords in the registry, restrict that
portion of the registry (or the whole thing), and use a Perl script to
retrieve the passwords and kick off the other jobs.

What I do in linux is use a password server (as seen in "Perl for Oracle
DBA's") and retrieve the password across the network, encrypted of course.

This works on windows as well, though you're there restricted to doing this
strictly from within the Perl script.

Jared




[EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
09/23/2003 01:49 PM
Please respond to ORACLE-L

To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
cc:
Subject: RE: Hiding passwords




Tom,

As Dave Barry would say, Har!

Unfortunately, we are talking about 3rd-party people who have the 'right' to
log in for support (debugging their ^%(^#@ products, and installing
updates). I've got them under local admin accounts (as opposed to domain
accounts), so they can only get to their own servers. BUT... that's as far
as I can go to secure things except at the folder level (and Oracle loves it
(!) when you try and do folder security on the datafiles, controlfiles,
etc.). I appreciate the thought, but you did not go far enough... Kill them
all, and save on security hardware. Any workable ideas?

Desperately yours,

Paul R. Sherman
DBA/Sr. Appl. Analyst
Bacou-Dalloz
office - 401-232-1200  x200
cell    - 401-935-2802



"Mercadante, Thomas F" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
09/23/2003 04:24 PM
Please respond to ORACLE-L

To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
cc:
Subject: RE: Hiding passwords




Paul,

It's simple really. Do not allow them to log on to the Win2k server - don't
give them an account; keep the passwords secret; and keep the machine in a
locked room.

Tom Mercadante
Oracle Certified Professional
-----Original Message-----
Sent: Tuesday, September 23, 2003 4:15 PM
To: Multiple recipients of list ORACLE-L


Hello,

If you do that in Win2k, then you have more env variables for 'authorized'
people to see when they do a SET <cr>.

Now, to be frank, I have an ulterior (a 'maxed-out' interior or exterior)
motive in this reply. I have yet to see an intelligent (never mind elegant)
way of protecting system variables from someone's view when they do a SET in a
DOS session. You can keep them out of Control
Panel/System/Advanced/Environmental Variables, but you can't keep them out
of DOS, so whaddya do? That's what I want to know. Has anyone confronted
this issue and won?

Thank you,

Paul R. Sherman
DBA/Sr. Appl. Analyst
Bacou-Dalloz
office - 401-232-1200  x200
cell    - 401-935-2802


"M.Godlewski" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
09/23/2003 02:15 PM
Please respond to ORACLE-L

To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
cc:
Subject: Re: Hiding passwords





You could set up environment variables and then reference the environment
variable in your script.

HTH
M.

[EMAIL PROTECTED] wrote:

There is a good discussion in asktom website on this topic.

Here is the link :

http://asktom.oracle.com/pls/ask/f?p=4950:8:::::F4950_P8_DISPLAYID:142212348066

Hth.
Best Regards,
Prasad




"O'Neill, Sean"
Sent by: [EMAIL PROTECTED]
09/23/2003 10:24 AM
Please respond to ORACLE-L

cc:
Subject: Hiding passwords






So the story goes like this. We're a NT/W2K shop. We have various scripts
that run DB related jobs but these are in plain text and we'd like to "hide"
these passwords in some way to allow scripts to run but the passwords not be
"visible" to potential prying eyes. Has anyone cracked this one yet? I've
had a trawl around MetaLink but found nothing of substance.

-------------------------
Seán O' Neill
Organon (Ireland) Ltd.
[subscribed: digest mode]

--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: O'Neill, Sean
INET: [EMAIL PROTECTED]

Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).




