Expert Oracle and Java Security: Programming Secure Oracle Database Applications with Java

Who Is Logged-In on the Client?

If you are on a Microsoft Windows client or a UNIX client, the operating system (OS) retains knowledge of the identity you claimed when you authenticated or logged in. That identity is published in your environment settings for easy access from scripts, but the environment can be changed by those scripts so that, judging from your environment settings alone, you can spoof a different user.

To see this spoofing, bring up a command prompt window (on Windows) and type SET to see your settings. Perhaps you have a setting called USERNAME near the end. Observe what it is. In the same window, type:

set USERNAME=coffin

Now type SET again and observe what the value of USERNAME is. Note that this doesn't change your identity ...

Get Expert Oracle and Java Security: Programming Secure Oracle Database Applications with Java now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Expert Oracle and Java Security: Programming Secure Oracle Database Applications with Java by David Coffin

Who Is Logged-In on the Client?

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly