Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
cancel
Showing results for 
Search instead for 
Did you mean: 

Encrypt/Hide Oracle UID/PWD

SOLVED
Go to solution
Ray Evans
Advisor

Encrypt/Hide Oracle UID/PWD

Our users connect to the Oracle (ver 7.3.x) SID on our HP-UX 10.2 box. When anyone does a ps -ef they see the Oracle ID and PWD of that user.

How can I mask/encrypt or hide this?
3 REPLIES
Thierry Poels_1
Honored Contributor

Re: Encrypt/Hide Oracle UID/PWD

Hi,
you should indeed never put your password on the command line, for the reason you mentionned.
Best workaround is to use OS Authentication, so users don't need to specify a username or a password. (so "sqlplus /" or "runform30x /" will do)
BTW this does not only apply to online user, but also to batch processes: you should never put any password in scripts.
good luck,
Thierry.
All unix flavours are exactly the same . . . . . . . . . . for end users anyway.
Ray Evans
Advisor

Re: Encrypt/Hide Oracle UID/PWD

Can you expand on you explanation?

I do not understand your use of "sqlplus /"

Thanks
Thierry Poels_1
Honored Contributor
Solution

Re: Encrypt/Hide Oracle UID/PWD

sure, here we go:
normally oracle users are created like:
CREATE USER "loginname" IDENTIFIED BY "somepassword";
(plus some other options like default tablespace etc., plus the necessary grants)
then they can login as:
sqlplus loginname/somepassword.

With OS Authentication Oracle will allow access if you are already authenticated (logged in) by the Operating System.
CREATE USER "ops$loginname" IDENTIFIED EXTERNALLY;
now the user can login as:
sqlplus /

note: the prefix 'OPS$' is defined by the parameter OS_AUTHENT_PREFIX in your initxxx.ora file. It's defaulted to 'OPS$' in Oracle 7.x. You can change this to "" (nothing) if you want the oracle login to be equal to the unix login.

good luck,
Thierry.

All unix flavours are exactly the same . . . . . . . . . . for end users anyway.