Subject Re: [firebird-support] Re: Hibernate, alter table and single user
Author Helen Borrie
At 12:42 AM 9/03/2005 +0100, you wrote:

>Helen Borrie wrote:
> >>On page 836 it said I could do this for a local connection, so I did:
> >>
> >>SET ISC_USER=SYSDBA
> >>SET ISC_USER=masterkey
> >
> > It's more secure to use -u sysdba -pass masterkey in the command line instead.
>
>Not really. I don't know for Windows, but on Linux any user can run
>"ps auxwww" and read the password in clear text. Having env. variables
>only for single user that is using them, and saved in file that only
>he has access, is more secure option.

Good point, though I wasn't talking about Linux. On Windows, supplying the
user name and password in the command-line command doesn't show up anywhere
- except in the open scroll buffer, of course. One hopes people don't
leave command windows open so others can poke around in their scroll
buffers during coffee breaks....

But, if the envvars are set for the user's profile, anyone can open a
command window on the unattended logged-in machine and use "set" to read
the envvars.


>Unless if by "secure" you really meant "more reliable" ?

No more or less "reliable", unless one is prone to typos, I suppose.

Note too that, if you start the isql or gsec interactive shell with user
and password params, Windows kindly displays the user name and password in
the title bar.

./heLen
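
The following is an added example, not part of the original thread: a small audit over `ps auxwww`-style output that reports isql or gsec processes started with a password on the command line, which is the exposure the quoted Linux point describes. The sample process listing is constructed, and treating any prefix of `-password` (such as the `-pass` used above) as the password switch is an assumption of this example.

```python
import os

# Tools named in the thread; extend for your own environment.
TOOLS = {"isql", "gsec"}

# Constructed sample of `ps auxwww` output (not real data).
SAMPLE_PS = """\
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
alice 4021 0.0 0.1 9000 2100 pts/0 S+ 10:01 0:00 isql -u sysdba -pass masterkey /data/app.fdb
bob 4077 0.0 0.1 9000 2000 pts/1 S+ 10:02 0:00 isql /data/app.fdb
carol 4102 0.0 0.1 9100 2200 pts/2 S+ 10:03 0:00 /opt/firebird/bin/gsec -user sysdba -password masterkey
dave 4150 0.0 0.0 5000 900 pts/3 S+ 10:04 0:00 grep -p pattern file
"""


def is_password_switch(token):
    """Assumption: any abbreviation of -password counts (e.g. -p, -pass)."""
    t = token.lower()
    return len(t) >= 2 and "-password".startswith(t)


def audit(ps_text):
    """Return (user, pid, redacted_command) for each exposed invocation."""
    findings = []
    for line in ps_text.splitlines()[1:]:      # skip the header row
        cols = line.split(None, 10)            # 11th column is the command
        if len(cols) < 11:
            continue
        argv = cols[10].split()
        if os.path.basename(argv[0]) not in TOOLS:
            continue
        redacted = list(argv)
        exposed = False
        for i, tok in enumerate(argv[:-1]):
            if is_password_switch(tok):
                redacted[i + 1] = "****"       # never echo the secret itself
                exposed = True
        if exposed:
            findings.append((cols[0], int(cols[1]), " ".join(redacted)))
    return findings


if __name__ == "__main__":
    for user, pid, cmd in audit(SAMPLE_PS):
        print(f"{user} pid={pid}: password visible in process list: {cmd}")
```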