Who Is Logged-In on the Client?

If you are on a Microsoft Windows client or a UNIX client, the operating system (OS) retains knowledge of the identity you claimed when you authenticated or logged in. That identity is published in your environment settings for easy access from scripts, but those same scripts can change the environment. Anything that judges your identity from the environment settings alone can therefore be made to see a different, spoofed user.

To see this spoofing, bring up a command prompt window (on Windows) and type SET to see your settings. Perhaps you have a setting called USERNAME near the end. Observe what it is. In the same window, type:

set USERNAME=coffin

Now type SET again and observe what the value of USERNAME is. Note that this doesn't change your identity ...
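
The same experiment from Python, as an added example that is not from the book: it repeats the USERNAME change in-process and compares what the environment claims with what the OS reports for the process. It goes slightly beyond the page by also setting LOGNAME and USER (the usual UNIX counterparts) and by showing that getpass.getuser() follows the environment. The names os_identity, spoofed_vars and demo are made up for this example.

```python
import getpass
import os

ENV_NAMES = ("LOGNAME", "USER", "USERNAME")  # identity variables a login session typically sets

def os_identity():
    """User name the OS holds for this process, read without consulting the environment."""
    if os.name == "nt":
        import ctypes
        size = ctypes.c_ulong(257)  # UNLEN (256) + terminating NUL
        buf = ctypes.create_unicode_buffer(size.value)
        if not ctypes.windll.advapi32.GetUserNameW(buf, ctypes.byref(size)):
            raise ctypes.WinError()
        return buf.value
    import pwd
    uid = os.getuid()
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:  # uid without a passwd entry, e.g. in some containers
        return "uid:%d" % uid

def spoofed_vars(environ, real):
    """Names of identity variables in `environ` that disagree with `real`."""
    norm = str.casefold if os.name == "nt" else str  # Windows names are case-insensitive
    return sorted(n for n in ENV_NAMES if n in environ and norm(environ[n]) != norm(real))

def demo(claim="coffin"):
    """Repeat the page's `set USERNAME=coffin` step in-process and report what changed."""
    saved = {n: os.environ.get(n) for n in ENV_NAMES}
    before = os_identity()
    try:
        for n in ENV_NAMES:
            os.environ[n] = claim  # what any script can do to its own environment
        return {
            "env_says": os.environ["USERNAME"],
            "getpass_says": getpass.getuser(),  # checks LOGNAME, USER, LNAME, USERNAME first
            "os_says": os_identity(),
            "os_unchanged": os_identity() == before,
            "spoofed": spoofed_vars(os.environ, before),
        }
    finally:
        for n, v in saved.items():  # restore the caller's environment
            if v is None:
                os.environ.pop(n, None)
            else:
                os.environ[n] = v

if __name__ == "__main__":
    print(demo())
```

A non-empty "spoofed" list is the signal to act on: any authorization decision should use the value from os_identity(), never the environment.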
