masking script argument passing

I have a commercial package that uses a script to initiate a resident process to set up an interface to a database.  This script passes database information (like SID to use for login) as arguments to this process, which all arguments are clearly visible when you do a ps.

The user implementing this script needs more than one instance of this process running, and to do this he also has to additionally supply id and password information as arguments to this program.  This is terribly insecure since anyone who manages to do a ps can see the password.  Can anyone suggest a way to hide this information without having to muck about in the commercial package's programming (since I am not a programmer and don't have access to their source)?
marlahAsked:
Who is Participating?
 
dhmConnect With a Mentor Commented:
You can't hide program arguments and environment variables from everbody on every system type (you *can* do it sometimes, on some systems), but I've never seen a way to do it in a shell script (and certainly not a portable way that works on most or all systems).  The only real way to keep the Username/Password out of the environment and off the command line is to send them directly to the program, when it asks for them.  If you're using a product like Oracle (I'm guessing from your mention of "SID"), then you may be able to put the sensitive information in a script file.  For example, if you wanted to log into SQL*PLUS and execute a query, you could create a file containing:

username/password
select sysdate from dual;
quit

and then run it like this:

$ sqlplus < my-script

You can set the permissions on "my-script" so that only the people who need to use it can read it; others can't see "username" and "password".
0
 
marlahAuthor Commented:
Edited text of question
0
All Courses

From novice to tech pro — start learning today.