Operating System - HP-UX

Tom Elder
Advisor

securing plain text passwords

Is there a way to secure plain text passwords in a script that you need to pass a password to an application like a database?
Alan Riggs
Honored Contributor

Re: securing plain text passwords

Not that I know of. If you really must hardcode an id/password in a script (as for sqlplus connections) make sure that the script itself can be read only by users who already have access to that id. If regular file permissions do not allow the granularity you need, use ACLs.
Tom Elder
Advisor

Re: securing plain text passwords

I will look up ACLs in my man pages but I was not aware of their use outside of routers and such. Can you point me in a direction for my research?

thanks
tom
Eric Ladner
Trusted Contributor

Re: securing plain text passwords

Also, be aware that if you log into a database like so:

sqlplus scott/tiger

Everybody and their brother on the machine can do a ps -ef and see your password in the process list.

This works:

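USERID=scott/tiger
# Feed the credentials to sqlplus on stdin through a here-document,
# so they are not part of the sqlplus command line shown by ps -ef.
sqlplus <<EOF
$USERID
select sysdate from dual;
EOF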

Your password won't show up on the command line that way. Of course, different applications may have different issues.
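
The two points made so far in the thread (owner-only permissions on whatever holds the password, and passing it on stdin rather than on the command line) combined in one wrapper, as an added example that is not part of any poster's reply. The credential file layout (a single line such as scott/tiger) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: keep a database credential out of the script and out of argv.
# Assumption: the credential file holds one line, e.g. scott/tiger.

# Succeeds only if FILE is a regular file with no group/other permission bits.
# Parses ls -l rather than calling stat, which is not present on every Unix.
# A symlink is rejected because its own mode is lrwxrwxrwx.
cred_file_is_private() {
    [ -f "$1" ] || return 1
    mode=$(ls -l "$1" | cut -c5-10)   # group + other bits, "------" when private
    [ "$mode" = "------" ]
}

# Usage: run_with_creds CRED_FILE CLIENT [ARGS...] < sql_commands
#   e.g. run_with_creds /path/to/credfile sqlplus -s < report.sql
# The credential becomes the first line of CLIENT's stdin, followed by the SQL.
# It is never placed on CLIENT's command line, so ps -ef does not show it.
run_with_creds() {
    cred_file=$1
    shift
    if ! cred_file_is_private "$cred_file"; then
        echo "refusing to use $cred_file: not a private regular file" >&2
        return 2
    fi
    # read fails on a last line without a newline but still fills $cred
    IFS= read -r cred < "$cred_file" || [ -n "$cred" ] || return 3
    sql=$(cat)                        # SQL text arriving on our own stdin
    # Here-document only: no external command ever receives $cred as an argument.
    "$@" <<EOF
$cred
$sql
EOF
}
```

The permission check looks at mode bits only; where ACLs are used to grant access, review them separately.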
K.Vijayaragavan.
Respected Contributor
Solution

Re: securing plain text passwords

Have you seen,

#man setkey
#man makekey
#man crypt
#man encrypt

-K.Vijay
"Let us fine tune our knowledge together"
Volker Borowski
Honored Contributor

Re: securing plain text passwords

You might consider using the OPS$ connect from Oracle.

Do not know if this helps
Volker
Steven Sim Kok Leong
Honored Contributor

Re: securing plain text passwords

Hi,

If sudo doesn't suit your needs, then use restricted sam.

Give the script only -r-x------ (chmod 0500) permissions for the owner, called e.g. sqlmod.

Subsequently, add this script to sam and configure restricted sam for this script:

$ sam -r

A user sqluser1 can thus execute the script from sam without the ability to read the script owned by sqlmod.

$ /usr/sbin/sam

Another alternative is to wrap your script in a C program, but this is not foolproof.

Hope this helps. Regards.

Steven Sim Kok Leong
Tom Elder
Advisor

Re: securing plain text passwords

Thanks for the help; you have given me several ways to try to implement my task.