Hi,
about 3 months ago I sent this email to the list. Since then, nobody
has replied to it (at least I haven't seen any replies), and the
issue is still present in sapdb-srv74-7.4.3.10-1.
Could someone from SAP please comment?
Bye,
Peter
On Fri, Dec 06, 2002 at 11:29:00AM +0100, Peter Conrad wrote:
> Hi,
>
> (I'm talking about the version in sapdb-srv74-7.4.3.7beta-1.i386.rpm here.)
>
> The script /etc/init.d/sapdb74 contains a section for starting / stopping
> the example database after / before the XSERVER has been started / is
> stopped. It is commented out per default and looks like this:
>
> # to enable auto start/stop testdb remove following comments
> #echo -n "Starting TEST db: "
> #DBMCLI=$X_PATH/dbmcli
> #if [ ! -x $DBMCLI ]; then
> # echo "dbmcli not found" >&2
> # exit 5
> #fi
> #$DBMCLI -d TST -u dbm,dbm db_warm> /dev/null &
>
> The problem is that the DB operator username and password are specified
> on the commandline and are therefore visible to any local user who happens
> to run "ps -ax" at that time. Example:
>
> [EMAIL PROTECTED]:~ > ps -axwwwww|grep dbmcli
> 2325 pts/10 S 0:00 /opt/sapdb/indep_prog/bin/dbmcli -d TST -u DBM,DBM db_warm
> 2333 pts/7 S 0:00 grep dbmcli
> [EMAIL PROTECTED]:~ >
>
> While this is probably not a serious issue for the example database it
> could become serious if the example code is modified for a production
> database.
>
> I'd recommend changing the DBMCLI command to
>
> $DBMCLI -s -d TST <<__EOI__
> user_logon dbm,dbm
> db_warm
> __EOI__
>
> Bye,
> Peter
--
Peter Conrad Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH Fax: +49 6102 / 80 99 071
Bahnhofstr. 18
63263 Neu-Isenburg
Germany
_______________________________________________
sapdb.general mailing list
[EMAIL PROTECTED]
http://listserv.sap.com/mailman/listinfo/sapdb.general
