Hiding username/password when doing PS in unix

[slag]

I'm starting up a web application server on AIX and when I grep for my process, the username and password are shown right in the grep. obviously not a good thing for security reasons.

Anyone else have this problem, and, how did you solve it>?

 

[n0cmonkey]

Don't input passwords on the command line. Not sure if there's an AIXy way of working around the problem, but not causing the issue in the first place is the best solution.

 

[slag]

Originally posted by: n0cmonkey
Don't input passwords on the command line. Not sure if there's an AIXy way of working around the problem, but not causing the issue in the first place is the best solution.

yes, that would be the best way of solving this problem, but unfortunately, i can't control how the app is started... yet....

Any other way?

 

[Nothinman]

I'm not familiar with AIX but I know some other unixes let you configure them to only let you see your own processes, that would take care of it if the issue is other people figuring out the password. If you're worried about people getting the password who have access to either the root account or the account that the web application is running as then you're screwed no matter what.

 

[slag]

the problem is I'm starting an app server and developers who are in my cube can see the username/password when I don't want them to when I'm troubleshooting things. The solution I need to use is to make a password file and just call that instead of command line as stated above. I need to check into getting that done. thanks

 

[Ken g6]

The most secure setup would be to give your app server its own, less-privileged account. Though even then you might want a password file.