RE: how to hide oracle password from a unix ps -ef | grep?
One more...

sqlplus <<EOF
username/password
statement1;
statement2;
exit
EOF

-----Original Message-----
From: Tanel Poder [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 16, 2004 12:35 PM
To: Multiple recipients of list ORACLE-L
Subject: Re: how to hide oracle password from a unix ps -ef | grep?

Few ideas:

1) sqlplus /nolog
   connect user/[EMAIL PROTECTED]

2) . $HOME/.orapwd
   sqlplus user/[EMAIL PROTECTED]

   (.orapwd script has to set environment variable ORAPWD to the password)

3) sqlplus [EMAIL PROTECTED] < $HOME/.orapwd

   (.orapwd must contain one line, the password)

Tanel.

----- Original Message -----
From: Ryan
To: Multiple recipients of list ORACLE-L
Sent: Friday, January 16, 2004 8:04 PM
Subject: how to hide oracle password from a unix ps -ef | grep?

Is there a way to log into sqlplus without the username and password available to anyone who wants to grab it?
Re: how to hide oracle password from a unix ps -ef | grep?
> > 2) . $HOME/.orapwd
> >    sqlplus user/[EMAIL PROTECTED]
> >
> This will actually show password because shell will interpret the ORAPWD
> variable before passing the arguments to fork/exec combination. Password
> will be clearly visible by "ps -ef".

Yep, you're right... I missed this somehow...

Thanks,
Tanel.

--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Tanel Poder
  INET: [EMAIL PROTECTED]

Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services

To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
Re: how to hide oracle password from a unix ps -ef | grep?
On 01/16/2004 01:34:45 PM, Tanel Poder wrote:
> Few ideas:
>
> 1) sqlplus /nolog
>    connect user/[EMAIL PROTECTED]

This requires putting ASCII (non-encrypted) password in the SQL script. Not very safe.

> 2) . $HOME/.orapwd
>    sqlplus user/[EMAIL PROTECTED]

This will actually show password because shell will interpret the ORAPWD variable before passing the arguments to fork/exec combination. Password will be clearly visible by "ps -ef".

> (.orapwd script has to set environment variable ORAPWD to the password)
>
> 3) sqlplus [EMAIL PROTECTED] < $HOME/.orapwd
>
> (.orapwd must contain one line, the password)

This is semi-decent because password is still in an ASCII file, but hidden. Root (SA) can still read it. If that's acceptable, it's OK, provided that the protection mask is set properly.

I would add

4) CREATE USER OPS$MLADEN identified externally - that uses OS authorization and can be easily cracked by root (su -)
5) Oracle advanced security. That is the best answer, supporting Radius, Kerberos and biometrics, but costs $$.

I would use 4, despite oracle's claims that this type of authorization is "discouraged" or "deprecated". So is RBO and yet it lives on. That is only a marketing pitch.

--
Mladen Gogala
Oracle DBA
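The difference between ideas 2 and 3 discussed above, as an added example that is not part of the original thread: it compares what another local user can read from the process list when the password is expanded onto the command line versus delivered on standard input. The stand-in client (fake_client), the user name scott and the ORAPWD value are assumptions constructed so the script runs without Oracle installed.

```shell
#!/bin/sh
# Added example: fake_client stands in for sqlplus; all values are constructed.
ORAPWD='s3cr3t-Constructed'

# Stand-in client: reads one line from stdin, then stays alive for inspection.
# The trailing ":" stops the shell from exec'ing sleep and replacing its argv.
CLIENT_BODY='read _line; sleep 3; :'

# Print the command line other local users can see for PID $1.
visible_args() {
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\0' ' ' < "/proc/$1/cmdline"
    else
        ps -o args= -p "$1"
    fi
}

# check_exposure MODE -> prints "exposed" or "hidden"
#   argv  : $ORAPWD is expanded by the calling shell before exec (idea 2)
#   stdin : password is delivered on standard input (idea 3, here-document)
check_exposure() {
    case "$1" in
        argv)
            sh -c "$CLIENT_BODY" fake_client "scott/$ORAPWD" >/dev/null 2>&1 &
            ;;
        stdin)
            sh -c "$CLIENT_BODY" fake_client scott >/dev/null 2>&1 <<EOF &
$ORAPWD
EOF
            ;;
        *) echo "usage: check_exposure argv|stdin" >&2; return 2 ;;
    esac
    pid=$!
    sleep 1                          # let the child finish exec before looking
    args=$(visible_args "$pid")
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    case "$args" in
        *"$ORAPWD"*) echo exposed ;;
        *)           echo hidden  ;;
    esac
}

for mode in argv stdin; do
    printf '%-5s -> %s\n' "$mode" "$(check_exposure "$mode")"
done
```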
Re: how to hide oracle password from a unix ps -ef | grep?
Google for hide.c

--
Regards,
Stephane Faroult
Oriole Software
Re: how to hide oracle password from a unix ps -ef | grep?
Ryan,

check this out, if you haven't looked at it already, it might help.

http://www.orafaq.org/faqunix.htm#HIDEPSW

thanks,
senthil

----- Original Message -----
From: Ryan
To: Multiple recipients of list ORACLE-L
Sent: Friday, January 16, 2004 1:04 PM
Subject: how to hide oracle password from a unix ps -ef | grep?

Is there a way to log into sqlplus without the username and password available to anyone who wants to grab it?
Re: how to hide oracle password from a unix ps -ef | grep?
Few ideas:

1) sqlplus /nolog
   connect user/[EMAIL PROTECTED]

2) . $HOME/.orapwd
   sqlplus user/[EMAIL PROTECTED]

   (.orapwd script has to set environment variable ORAPWD to the password)

3) sqlplus [EMAIL PROTECTED] < $HOME/.orapwd

   (.orapwd must contain one line, the password)

Tanel.

----- Original Message -----
From: Ryan
To: Multiple recipients of list ORACLE-L
Sent: Friday, January 16, 2004 8:04 PM
Subject: how to hide oracle password from a unix ps -ef | grep?

Is there a way to log into sqlplus without the username and password available to anyone who wants to grab it?
RE: how to hide oracle password from a unix ps -ef | grep?
start sqlplus then login

if a script is executing start sqlplus with /nolog then issue a connect command in the script... place the script in a secure location

-----Original Message-----
From: Ryan [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 16, 2004 12:05 PM
To: Multiple recipients of list ORACLE-L
Subject: how to hide oracle password from a unix ps -ef | grep?

Is there a way to log into sqlplus without the username and password available to anyone who wants to grab it?
RE: how to hide oracle password from a unix ps -ef | grep?
You can do any of:

sqlplus /nolog
connect user/[EMAIL PROTECTED]

export TWO_TASK=whatever
sqlplus user
Password: xxx

sqlplus [EMAIL PROTECTED]
Password: xxx

Mark J. Bobak
Oracle DBA
ProQuest Company
Ann Arbor, MI

"Imagination was given to man to compensate him for what he is not, and a sense of humor was provided to console him for what he is." --Unknown

-----Original Message-----
From: Ryan [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 16, 2004 1:05 PM
To: Multiple recipients of list ORACLE-L
Subject: how to hide oracle password from a unix ps -ef | grep?

Is there a way to log into sqlplus without the username and password available to anyone who wants to grab it?
Re: how to hide oracle password from a unix ps -ef | grep?
Ryan wrote:
> Is there a way to log into sqlplus without the username and password available to anyone who wants to grab it?

Try
http://asktom.oracle.com/pls/ask/f?p=4950:8:12188015396454707431::NO::F4950_P8_DISPLAYID,F4950_P8_CRITERIA:142212348066,

--
Bricklen Anderson, Database Administrator
PresiNET Systems
http://www.PresiNET.com
Live Demo: https://www.presinet.com/secure/login
Re: how to hide oracle password from a unix ps -ef | grep?
Create a dummy user dummy with pw as dummy and only with create session priv. Execute a sql script which will connect to the username/pw and which does not have read privs at os level for others. Maybe someone on the list has a better idea.

HTH
GovindanK

On Fri, 16 Jan 2004 10:04:35 -0800, "Ryan" <[EMAIL PROTECTED]> said:
> Is there a way to log into sqlplus without the username and password
> available to anyone who wants to grab it?

--
http://www.fastmail.fm - Same, same, but different
Re: how to hide oracle password from a unix ps -ef | grep?
Sure. Create the database userid so that it is authenticated externally (Identified externally). Then the userid can log in via SQL*Plus using a "/" instead of a userid or password. The OS userid should be a controlled account so that everyone and his grandmother cannot log into it.

If it is a matter of encryption, turn on encryption by adding the encryption login parameter to the sqlnet.ora file.

RWB

Reginald W. Bailey
IBM Global Services
JPMC Account - DCI ETS Database Management
Your Friendly Neighborhood DBA
713-216-7703 (Office)
281-798-5474 (Mobile)
[EMAIL PROTECTED]
[EMAIL PROTECTED]

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
cc:
Subject: how to hide oracle password from a unix ps -ef | grep?
01/16/2004 12:04 PM
Please respond to ORACLE-L

Is there a way to log into sqlplus without the username and password available to anyone who wants to grab it?
how to hide oracle password from a unix ps -ef | grep?
Is there a way to log into sqlplus without the username and password available to anyone who wants to grab it?