SQL * Plus

Hello Everyone,
Here is my post for the week


SQL * Plus

SQL * Plus is a command-line interface and which is a most familiar face of the oracle database. It’s a client –server application which allows you to execute SQL statements and PL/SQL blocks. One of the most common use of SQL * plus is as an ad hoc query tool. It is used for database administration and operation functions, including creating database objects and structures, managing oracle user id’s and object security, starting up and shutting down database instances and so on. You can also type different sql statements, execute it and see what result comes back from the database.

Different ways of invoking SQL *Plus

Starting SQL * Plus:

1. Make sure that SQL * Plus is installed on your computer

2. /log on to the host operating system

3. Enter command, SQL Plus and press Return

SQL * plus displays version number, the current date, copyright information and prompts you for the authentication (username and password)

4. Enter user and password and press return.

The process of entering the username and password is called logging in.

5. Next it displays the SQL *Plus command prompt

SQL>

Starting SQL *Plus using password on OS Platform.

Well most of us starts SQL * Plus with a password on UNIX and Linux platforms without considering the security threats.

For example

$ Sqlplus ml/ml@testdb

Here the password entered on the command prompt is easily available to all the operating system users on the host machine to view and hack the password which is not a recommended method.

The intruders can easily hack the password by using

$ps –ef
grep Sqlplus

oracle 14490 2190 0 16:31:53 pts/5 0:00 sqlplus ml/ml@testdb

oracle 14493 14491 0 16:32:01 pts/5 0:00 grep Sqlplus

Best way of invoking Sqlplus without using the password is

$ Sqlplus ml@testdb

Enter Password: **

If you want to make it more safe you can also invoke Sqlplus using

$ Sqlplus

Enter username : ML@testdb

Enter Password : **

Or

$ Sqlplus /nolog

SQL > connect ml/ml@testdb

Or

$ Sqlplus /nolog

SQL> connect ml@testdb

Enter password: **

Note: All this depends on the OS make sure that you use a secure OS. In late 9i and in 10g the executable code became secure.

will appreciate your comments.
Regards,
Sowmya(OSR)