Home » Infrastructure » Unix » Encrypt Password to connect to the back-end database
Encrypt Password to connect to the back-end database [message #160358] Fri, 24 February 2006 11:04 Go to next message
bheemsen
Messages: 13
Registered: February 2006
Junior Member
We have lots of Shell scripts where the password is hardcoded to
connect to the database(Oracle): Ex: sqlplus username/password

The password should not be in clear text & should be encrypted before
connecting to the backend. Oracle will not take encrypted passwords in my opinion to connect to the database.


I want to encrypt this hardcoded password & decrypt it to connect to the database. Can anyone help me or point me to links showing some examples.

Thanks
-Bheem
Re: Encrypt Password to connect to the back-end database [message #160381 is a reply to message #160358] Fri, 24 February 2006 20:53 Go to previous message
rleishman
Messages: 3728
Registered: October 2005
Location: Melbourne, Australia
Senior Member
This is a pretty popular request, but I've still not yet seen a good solution. Any such solution requires that the decryption key be stored somewhere, so you might as well just store the password where you were going to store the encryption key.

The absolute best way - and the one endorsed by Oracle - is to used Externally Authenticated Accounts. This means there is an Oracle account with the same name as your OS userid, and you connect with sqlplus /

I once worked in a place where the Oracle passwords were stored in a protected data file owned by the Oracle user. There was a simple C executable that accepted a user id as input, and gave the password as output. The C executable was able to read the protected file because it had SETUID bit (on Unix : -rws--x--x). Applications could connect using sqlplus usrid/`orapwd usrid`. This is probably as good as encryption, but does not work on Windows.
Previous Topic: HP-UX : Directory Alias & UNIX account
Next Topic: (database connection) unresolved sqlcxt
Goto Forum:
  


Current Time: Fri Nov 22 10:27:16 CST 2024