RE: Embeded password in script

Jared:

How do you do this for an export cron job ?

Thanks

David Jones
ITResource

-----Original Message-----
Sent: Monday, February 24, 2003 2:51 PM
To: Multiple recipients of list ORACLE-L

The 'hide.c' program can be implemented and compiled to prevent parameters from appearing to ps. I believe it still works properly on most flavors of unix.

For the "Perl for Oracle DBA's" book we wrote one utililty that I had wanted for some time, a password database.

For jobs that I plan to run regularly from cron, I use the password daemon pwd.pl and retrieve the passwords across the network ( encrypted with MD5 ).

If the job is a Perl script ( fairly likely around here ) the password can't appear to PS, as no password is ever used on the command line.

It's handy for command line stuff as well, as I only need rights to access the password database via the password daemon. I don't have to know the database passwords to login to the account.

e.g. sqlplus system/$(pwc.pl -instance dv01 -username jkstill)@dv01

This is the single most useful utility we put in that book IMO.

Jared

On Monday 24 February 2003 14:02, STEVE OLLIG wrote:
>i'll take the first one...
>
>on UNIX you could use a secret hidden file with appropriate permissions
>where each line has the format ORACLE_SID:USER:password
>
>then use awk to parse the file for the line with the correct $ORACLE_SID
>and $USER, and set an environment variable to the password string. Then
>your scripts could use that variable with sqlplus instead of the hardcoded
>password.
>
>in ksh it could look something like this:
>export password=\
>`awk -F: '$1 == "sid" && $2 == "dbimpl" {print $3}' mySecretHiddenFile`
>
>be warned that if you call sqlplus like this in your scripts:
>sqlplus dbimpl/${password} @SQLscript.sql
>someone could still see the Oracle password with a sneaky ps command while
>your script is running.
>
>a very similar approach could be taken with perl if awk isn't your cup of
>tea.
>
>-----Original Message-----
>Sent: Monday, February 24, 2003 2:54 PM
>To: Multiple recipients of list ORACLE-L
>
>
>I have been tasked to write a script to run SQL. I don't want a password
>field to be shown in the script. Does someone have run into this and have
>a better idea? For example, I have following line in my script.
>
>Sqlplus dbimpl/password @SQLscript.sql
>
>
>Also, from command line we go through following steps to shutdown database,
>how do I code these steps in the script?
>
>$svrmgrl
>SVRMGRL>connect internal
>SVRMGRL>shutdown
>
>
>Thanks in advance,
>David

--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Jared Still
  INET: jkstill_at_cybcon.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).


_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online  
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: David Jones
  INET: djones1688_at_hotmail.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).