O'Reilly logo

Expert Oracle and Java Security: Programming Secure Oracle Database Applications with Java by David Coffin

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Who Is Logged-In on the Client?

If you are on a Microsoft Windows client or a UNIX client, the operating system (OS) retains knowledge of the identity you claimed when you authenticated or logged in. That identity is published in your environment settings for easy access from scripts, but the environment can be changed by those scripts so that, judging from your environment settings alone, you can spoof a different user.

To see this spoofing, bring up a command prompt window (on Windows) and type SET to see your settings. Perhaps you have a setting called USERNAME near the end. Observe what it is. In the same window, type:

set USERNAME=coffin

Now type SET again and observe what the value of USERNAME is. Note that this doesn't change your identity ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required