AWS AmazonRDS medium security documentation change
Summary
Updated SQL*Plus version example and added security note about password exposure
Security assessment
Added explicit warning about password exposure in shell history when using inline credentials, which addresses credential leakage vulnerability. Also updated version information.
Diff
diff --git a/AmazonRDS/latest/UserGuide/USER_ConnectToOracleInstance.SQLPlus.md b/AmazonRDS/latest/UserGuide/USER_ConnectToOracleInstance.SQLPlus.md index 29eba8ed0..1a8632a1d 100644 --- a//AmazonRDS/latest/UserGuide/USER_ConnectToOracleInstance.SQLPlus.md +++ b//AmazonRDS/latest/UserGuide/USER_ConnectToOracleInstance.SQLPlus.md @@ -30 +30 @@ You should see output similar to the following. - SQL*Plus: Release 12.1.0.2.0 Production on Mon Aug 21 09:42:20 2017 + SQL*Plus: Release 19.0.0.0.0 Production on Wed Jan 15 14:23:45 2025 @@ -38,0 +39,4 @@ After you enter the password for the user, the SQL prompt appears. +SQL*Plus prompts you for the password after you run the command. Alternatively, you can specify the password inline (for example, ``user_name`/`password`@(DESCRIPTION=...)`), but this approach exposes the password in your shell history. + +###### Note +