[Progress Communities] [Progress OpenEdge ABL] Do not display plaintext password in ps (etc.) for sqlexp [or allow for .pf]

  • Thread starter Thread starter shaske1
  • Start date Start date
Status
Not open for further replies.
S

shaske1

Guest
I could not find an enhancement request entry relative to this KB article: Progress KB - How to hide sqlexp password in Unix process output? As described there, when using sqlexp with -user [user] -password [password], the plaintext password appears in 'ps' output. We note that even a root process password is readable by non-root users. Although some obfuscation is possible, it is unclear to me why displaying passwords in plaintext openly to other users is not considered a bug. Or at least considered a bug now if it was not in the original design. Alternatively - allow for a config file option (-pf) that minimally could be secured from the OS.

Continue reading...
 
Status
Not open for further replies.
Back
Top