HP-UX Workload Manager Toolkits User's Guide: Version A.01.10.01 > Chapter 2 HP-UX WLM Oracle Database Toolkit: Providing Database Metrics to WLM

What about security issues?

Be aware of the following security issues so that you can better protect your data.

With the wlmoradc utility, if --username and --passwd are used on the command line so that wlmoradc can connect to an instance, the username and password are visible via the UNIX ps command. If this is a problem, place the username and password in a wlmoradc configuration file, setting them as follows:
This data will not be visible via ps. Set the configuration file to be readable only by root, protecting the integrity of the password. For information on the wlmoradc configuration file, see wlmoradc(1M).

With the WLM and wlmoradc configuration files, be careful what commands are specified, and set the UNIX file permissions appropriately. In particular, having world write permissions on the file or placing the file in a world-writable directory could allow other users to edit or replace the file, causing wlmoradc or WLM to execute the new commands when it is next invoked. Also, be sure to set the read permissions to limit access when either of these files contains a username and password for an instance.

The wlmoradc configuration file is a Perl file. It is specified through the wlmoradc command-line option --configfile file. This file is executed, so if it contains malicious commands, your system could be at risk. Be careful what commands are specified, and set the UNIX file permissions appropriately for the configuration file. In particular, having world write permissions on the file or placing the file in a world-writable directory could allow other users to edit or replace the file, causing wlmoradc to execute the new commands when it is next invoked. The wlmoradc tool issues a warning if the configuration file is world-writable or is in a world-writable directory, but still executes it. wlmoradc does not check the parent directories of the file.

The wlmoradc tool reads in the SQL file file when --sqlfile file is specified on the command line. This SQL file is executed; thus, malicious code could damage the database, or—via the SQL HOST command—damage or compromise the surrounding UNIX environment. With the SQL file, be careful what commands are specified, and set the UNIX file permissions appropriately. In particular, having world write permissions on the file or placing the file in a world-writable directory could allow other users to edit or replace the file, causing wlmoradc to execute the new commands when it is next invoked. The wlmoradc tool issues a warning if the SQL file is world-writable or is in a world-writable directory, but still executes it. It does not check the parent directories of the file.
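
Because wlmoradc warns only about the file and its immediate directory, the parent directories have to be checked separately. The following POSIX shell function is an added example, not part of this guide or of wlmoradc: it walks from a configuration or SQL file up to /, flagging world-writable ancestors and group/other read access on the file. The name audit_path, its output labels, and the choice to report sticky directories such as /tmp without failing are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit_path is a hypothetical helper, not part of wlmoradc or WLM.
# It inspects the file named by $1 and every ancestor directory up to /.
# Returns 0 if nothing was found, 1 on findings, 2 if the file does not exist.
audit_path() {
    case $1 in
        /*) path=$1 ;;
        *)  path=$(pwd)/$1 ;;      # make relative names absolute
    esac
    [ -f "$path" ] || { echo "MISSING $path"; return 2; }
    rc=0
    # The file may hold a username and password: flag group/other read.
    case $(ls -ld "$path" | cut -c1-10) in
        ????r?????|???????r??) echo "READABLE $path"; rc=1 ;;
    esac
    while :; do
        mode=$(ls -ld "$path" | cut -c1-10)
        case $mode in
            l*) echo "SYMLINK $path (target not followed)" ;;
            # Sticky directory (e.g. /tmp): others cannot replace entries
            # they do not own, so report it without failing.
            d???????w[tT]) echo "STICKY $path" ;;
            # Character 9 of the mode string is the write bit for "other".
            ????????w?) echo "WORLD-WRITABLE $path"; rc=1 ;;
        esac
        [ "$path" = / ] && break
        path=$(dirname "$path")
    done
    return $rc
}
```

The function checks permission bits only; ownership of the file and of each ancestor still needs to be verified separately.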