On Tue, 16 Dec 2003, Carel-Jan Engel wrote: > Don't know this particular one, but ran into a shell on HP-UX with similar > capabilities. I was a developer those days, and the feature I liked most > was its capability to unveil sys/system passwords. Just get this shell > running and ask the DBA to do something from your terminal. After that, the > non-echoed password will be perfectly visible in command-line history > (after the DBA left the scene, of course). They never found out how we were > able to discover their passwords. I think it's now safe to spread the > knowledge around. > Heh. Yeah, there's something on Linux called 'script' that would do that. Basically spawns a shell and sends all the output from that session to a file.
> Does this tool have the same 'functionality'? So, be carefull, or take > advantage of it ;-). Nope, the only history it stores are the commands you type once the program it execs is fired up. Now, if you connect scott/tiger from within sqlplus, you're on thin ice, but I usually specify which user/db I'm connecting to on the command-line and let SQL*Plus ask me for my password. -- Dan ======================================================================== Daniel Hanks - Systems/Database Administrator About Inc., Web Services Division ======================================================================== -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Daniel Hanks INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
