Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Embeded password in script

RE: Embeded password in script

From: Nguyen, David M <david.m.nguyen_at_xo.com>
Date: Tue, 25 Feb 2003 06:24:04 -0800
Message-ID: <F001.00558748.20030225062404@fatcity.com>


Thank you, Jared. I have the book you wrote and will look into it.

Regards,
David

-----Original Message-----
Sent: Monday, February 24, 2003 4:51 PM
To: Multiple recipients of list ORACLE-L

The 'hide.c' program can be implemented and compiled to prevent parameters from appearing to ps. I believe it still works properly on most flavors of unix.

For the "Perl for Oracle DBA's" book we wrote one utililty that I had wanted for some time, a password database.

For jobs that I plan to run regularly from cron, I use the password daemon pwd.pl and retrieve the passwords across the network ( encrypted with MD5 ).

If the job is a Perl script ( fairly likely around here ) the password can't appear to PS, as no password is ever used on the command line.

It's handy for command line stuff as well, as I only need rights to access the password database via the password daemon. I don't have to know the database passwords to login to the account.

e.g. sqlplus system/$(pwc.pl -instance dv01 -username jkstill)@dv01

This is the single most useful utility we put in that book IMO.

Jared

On Monday 24 February 2003 14:02, STEVE OLLIG wrote:
> i'll take the first one...
>
> on UNIX you could use a secret hidden file with appropriate permissions
> where each line has the format ORACLE_SID:USER:password
>
> then use awk to parse the file for the line with the correct $ORACLE_SID
> and $USER, and set an environment variable to the password string. Then
> your scripts could use that variable with sqlplus instead of the hardcoded
> password.
>
> in ksh it could look something like this:
> export password=\
> `awk -F: '$1 == "sid" && $2 == "dbimpl" {print $3}' mySecretHiddenFile`
>
> be warned that if you call sqlplus like this in your scripts:
> sqlplus dbimpl/${password} @SQLscript.sql
> someone could still see the Oracle password with a sneaky ps command while
> your script is running.
>
> a very similar approach could be taken with perl if awk isn't your cup of
> tea.
>
> -----Original Message-----
> Sent: Monday, February 24, 2003 2:54 PM
> To: Multiple recipients of list ORACLE-L
>
>
> I have been tasked to write a script to run SQL. I don't want a password
> field to be shown in the script. Does someone have run into this and have
> a better idea? For example, I have following line in my script.
>
> Sqlplus dbimpl/password @SQLscript.sql
>
>
> Also, from command line we go through following steps to shutdown
database,
> how do I code these steps in the script?
>
> $svrmgrl
> SVRMGRL>connect internal
> SVRMGRL>shutdown
>
>
> Thanks in advance,
> David

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Jared Still
  INET: jkstill_at_cybcon.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Nguyen, David M
  INET: david.m.nguyen_at_xo.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Tue Feb 25 2003 - 08:24:04 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US