Hi,
(I'm talking about the version in sapdb-srv74-7.4.3.7beta-1.i386.rpm here.)
The script /etc/init.d/sapdb74 contains a section for starting / stopping
the example database after / before the XSERVER has been started / is
stopped. It is commented out per default and looks like this:
# to enable auto start/stop testdb remove following comments
#echo -n "Starting TEST db: "
#DBMCLI=$X_PATH/dbmcli
#if [ ! -x $DBMCLI ]; then
# echo "dbmcli not found" >&2
# exit 5
#fi
#$DBMCLI -d TST -u dbm,dbm db_warm> /dev/null &
The problem is that the DB operator username and password are specified
on the commandline and are therefore visible to any local user who happens
to run "ps -ax" at that time. Example:
conrad@pratchett:~ > ps -axwwwww|grep dbmcli
2325 pts/10 S 0:00 /opt/sapdb/indep_prog/bin/dbmcli -d TST -u DBM,DBM db_warm
2333 pts/7 S 0:00 grep dbmcli
conrad@pratchett:~ >
While this is probably not a serious issue for the example database it
could become serious if the example code is modified for a production
database.
I'd recommend changing the DBMCLI command to
$DBMCLI -s -d TST <<__EOI__
user_logon dbm,dbm
db_warm
__EOI__
Bye,
Peter
--
Peter Conrad Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH Fax: +49 6102 / 80 99 071
Bahnhofstr. 18
63263 Neu-Isenburg
Germany
_______________________________________________
sapdb.general mailing list
[EMAIL PROTECTED]
http://listserv.sap.com/mailman/listinfo/sapdb.general
