Who Is Logged-In on the Client?
If you are on a Microsoft Windows client or a UNIX client, the operating system (OS) retains knowledge of the identity you claimed when you authenticated or logged in. That identity is published in your environment settings for easy access from scripts, but the environment can be changed by those scripts so that, judging from your environment settings alone, you can spoof a different user.
To see this spoofing, bring up a command prompt window (on Windows) and type SET
to see your settings. Perhaps you have a setting called USERNAME
near the end. Observe what it is. In the same window, type:
set USERNAME=coffin
Now type SET
again and observe what the value of USERNAME
is. Note that this doesn't change your identity ...
Get Expert Oracle and Java Security: Programming Secure Oracle Database Applications with Java now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.