Re: expdp as sys

From: Jack Applewhite <jack.applewhite_at_austinisd.org>
Date: Fri, 13 Nov 2015 18:13:50 +0000
Message-ID: <BY1PR0201MB0902736D982609A10F837A93E6110_at_BY1PR0201MB0902.namprd02.prod.outlook.com>

You can avoid using Sys for expdp and impdp to keep from embedding a password in the script by creating a DB User with sufficient privs to do Full jobs and making it OS Authenticated. The OS User's password is then managed separately and you can run all your impdp and expdp as that user.

Then your OS script just does this:

expdp / parfile=<YourParFile>

I know I'll get chastised for this, but we simply created a DB Account named Oracle that's a copy of System. Our cron jobs run as the OS account oracle on the DB server, authentication is simply / and away we go. We do change the oracle OS account PW on a regular basis, so we feel very secure doing it this way.

We're totally on 11gR2 but understand that OS Authentication goes away with 12c and the Container DB model. DANG!

Jack C. Applewhite - Database Administrator Austin I.S.D. - MIS Department
512.414.9250 (wk)

From: oracle-l-bounce_at_freelists.org <oracle-l-bounce_at_freelists.org> on behalf of Howard Latham <howard.latham_at_gmail.com> Sent: Friday, November 13, 2015 9:41 AM To: Sweetser, Joe
Cc: ORACLE-L
Subject: Re: expdp as sys

thanks I read that before - not really convincing. Dp may leave a table in the sys schema and the password is discover-able. - not good practice but not a disaster!.

On 13 November 2015 at 15:38, Sweetser, Joe <JSweetser_at_icat.com> wrote:
> This thread has some of the reasoning behind it, I think.
>
> https://community.oracle.com/thread/2272386?tstart=0
>
> -joe
>
>
> -----Original Message-----
> From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Howard Latham
> Sent: Friday, November 13, 2015 8:24 AM
> To: ORACLE-L <oracle-l_at_freelists.org>
> Subject: expdp as sys
>
> Oracle 11.2.04
> REDHAT 5
> Anyone know if an expdp as sys user is useless in someway why do oracle advise against it?
>
>
> --
> Howard A. Latham
> --
> http://www.freelists.org/webpage/oracle-l
>
>

--
Howard A. Latham
--
http://www.freelists.org/webpage/oracle-l

Confidentiality Notice: This email message, including all attachments, is for the sole use of the intended recipient(s) and may contain confidential student and/or employee information. Unauthorized use of disclosure is prohibited under the federal Family Educational Rights & Privacy Act (20 U.S.C. §1232g, 34 CFR Part 99, 19 TAC 247.2, Gov’t Code 552.023, Educ. Code 21.355, 29 CFR 1630.14(b)(c)). If you are not the intended recipient, you may not use, disclose, copy or disseminate this information. Please call the sender immediately or reply by email and destroy all copies of the original message, including attachments. ��i��0��zX��+��n��{�+i�^ Received on Fri Nov 13 2015 - 19:13:50 CET

This message: [ Message body ]
Next message: Sandra Becker: "Exadata books for a beginner"
Previous message: Niall Litchfield: "Re: Free version of Delphix"
Maybe in reply to: Howard Latham: "expdp as sys"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message