Operating System - HP-UX
1839319 Members
2853 Online
110138 Solutions
New Discussion

Re: Encrypt/Hide Oracle UID/PWD

 
SOLVED
Go to solution
Ray Evans
Advisor

Encrypt/Hide Oracle UID/PWD

Our users connect to the Oracle (ver 7.3.x) SID on our HP-UX 10.2 box. When anyone does a ps -ef they see the Oracle ID and PWD of that user.

How can I mask/encrypt or hide this?
3 REPLIES 3
Thierry Poels_1
Honored Contributor

Re: Encrypt/Hide Oracle UID/PWD

Hi,
you should indeed never put your password on the command line, for the reason you mentionned.
Best workaround is to use OS Authentication, so users don't need to specify a username or a password. (so "sqlplus /" or "runform30x /" will do)
BTW this does not only apply to online user, but also to batch processes: you should never put any password in scripts.
good luck,
Thierry.
All unix flavours are exactly the same . . . . . . . . . . for end users anyway.
Ray Evans
Advisor

Re: Encrypt/Hide Oracle UID/PWD

Can you expand on you explanation?

I do not understand your use of "sqlplus /"

Thanks
Thierry Poels_1
Honored Contributor
Solution

Re: Encrypt/Hide Oracle UID/PWD

sure, here we go:
normally oracle users are created like:
CREATE USER "loginname" IDENTIFIED BY "somepassword";
(plus some other options like default tablespace etc., plus the necessary grants)
then they can login as:
sqlplus loginname/somepassword.

With OS Authentication Oracle will allow access if you are already authenticated (logged in) by the Operating System.
CREATE USER "ops$loginname" IDENTIFIED EXTERNALLY;
now the user can login as:
sqlplus /

note: the prefix 'OPS$' is defined by the parameter OS_AUTHENT_PREFIX in your initxxx.ora file. It's defaulted to 'OPS$' in Oracle 7.x. You can change this to "" (nothing) if you want the oracle login to be equal to the unix login.

good luck,
Thierry.

All unix flavours are exactly the same . . . . . . . . . . for end users anyway.