Do not invoke SQL*Plus with a password On UNIX and Linux platforms.
Most of us sometimes start SQL * Plus with a password on UNIX and Linux platforms without knowing security threat. For example, an application user connects SQL * Plus by passing username and password on Unix/Linux Server. $ sqlplus apps/apps@proddb Here the sqlplus command parameters are very much available for viewing by all operating system users on the same host computer; as a result, password entered on the command line could be exposed to other users, as below. $ ps -efgrep sqlplus oracle 14490 2190 0 16:31:53 pts/5 0:00 sqlplus apps/apps@proddb oracle 14493 14491 0 16:32:01 pts/5 0:00 grep sqlplus So, there might be a chance for an intruder to know the user id and password, and can connect to the database using that credentials. Then, following is the secure and best way of connecting SQL * Plus where the password is not exposed on the command line. $ sqlplus apps@proddb Enter password: **** Or, even not to expose the username and connecting string. $ sqlplus Ente...