Information
The Open Server 15.0 and SDK 15.0 client components for Sybase ASE, ESD #13 and above,
support concealment of input during isql sessions via the --conceal command line option.
Rationale:
The --conceal option is useful when entering sensitive information, such as passwords in
environments where echoed console input may be visible to multiple parties.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
1. Specify the --conceal command line option as follows, where <Wildcard> is the
character string that triggers isql to prompt for concealed input (note that this
default to the string :? if no wildcard is supplied):
isql --conceal '<Wildcard>'
Complete this example by including a command (like sp_password) and
demonstrating how passwords are concealed.