Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Mailing Lists -> Oracle-L -> RE: Embeded password in script
Thank you, Jared. I have the book you wrote and will look into it.
Regards,
David
-----Original Message-----
Sent: Monday, February 24, 2003 4:51 PM
To: Multiple recipients of list ORACLE-L
The 'hide.c' program can be implemented and compiled to prevent parameters from appearing to ps. I believe it still works properly on most flavors of unix.
For the "Perl for Oracle DBA's" book we wrote one utililty that I had wanted for some time, a password database.
For jobs that I plan to run regularly from cron, I use the password daemon pwd.pl and retrieve the passwords across the network ( encrypted with MD5 ).
If the job is a Perl script ( fairly likely around here ) the password can't appear to PS, as no password is ever used on the command line.
It's handy for command line stuff as well, as I only need rights to access the password database via the password daemon. I don't have to know the database passwords to login to the account.
e.g. sqlplus system/$(pwc.pl -instance dv01 -username jkstill)@dv01
This is the single most useful utility we put in that book IMO.
Jared
On Monday 24 February 2003 14:02, STEVE OLLIG wrote:
> i'll take the first one...
>
> on UNIX you could use a secret hidden file with appropriate permissions
> where each line has the format ORACLE_SID:USER:password
>
> then use awk to parse the file for the line with the correct $ORACLE_SID
> and $USER, and set an environment variable to the password string. Then
> your scripts could use that variable with sqlplus instead of the hardcoded
> password.
>
> in ksh it could look something like this:
> export password=\
> `awk -F: '$1 == "sid" && $2 == "dbimpl" {print $3}' mySecretHiddenFile`
>
> be warned that if you call sqlplus like this in your scripts:
> sqlplus dbimpl/${password} @SQLscript.sql
> someone could still see the Oracle password with a sneaky ps command while
> your script is running.
>
> a very similar approach could be taken with perl if awk isn't your cup of
> tea.
>
> -----Original Message-----
> Sent: Monday, February 24, 2003 2:54 PM
> To: Multiple recipients of list ORACLE-L
>
>
> I have been tasked to write a script to run SQL. I don't want a password
> field to be shown in the script. Does someone have run into this and have
> a better idea? For example, I have following line in my script.
>
> Sqlplus dbimpl/password @SQLscript.sql
>
>
> Also, from command line we go through following steps to shutdown
database,
> how do I code these steps in the script?
>
> $svrmgrl
> SVRMGRL>connect internal
> SVRMGRL>shutdown
>
>
> Thanks in advance,
> David
-- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Jared Still INET: jkstill_at_cybcon.com Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Nguyen, David M INET: david.m.nguyen_at_xo.com Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Tue Feb 25 2003 - 08:24:04 CST