Re: Need advice on encrypting the password

From: Mladen Gogala <gogala.mladen_at_gmail.com>
Date: Tue, 26 Apr 2016 16:43:57 -0400
Message-ID: <571FD30D.70901_at_gmail.com>



Another trick would be to store the password using un-crackable encryption, like rot13, and decrypt the password within the script.

On 4/26/2016 4:01 PM, Gus Spier wrote:
> In the Bad Old Days, the workaround was to store the plain text
> password as the only contents of a file that was owned only by root with
> permissions set to 000. When the password was needed, su - to root,
> chmod the file to 400, read the contents of the file into a local
> variable. Then reset the permissions on root's file back to 000.
>
> Use the value of that local variable to accomplish work and then set
> the value of the variable to NULL.
>
> It wasn't perfect. It was torturous, but it seemed to keep us out of
> trouble. The value was vulnerable for a limited time, under the
> supervision of someone who was trustworthy enough to have the root password.
>
> Regards,
>
> Gus
>
> On Tue, Apr 26, 2016 at 12:52 PM, Mladen Gogala
> <gogala.mladen_at_gmail.com> wrote:
>
> On 04/26/2016 12:48 PM, Shastry(DBA) wrote:
>
> Hi Gurus,
>
> We have an automated cloning tool which runs mainly as a shell
> script. Our passwords are stored in a file which is required
> while cloning is in progress; the logic is to have both PROD
> and NONPROD credentials stored in the flat file which will
> be read by the shell script. I want to know if there is a way
> to decrypt and encrypt back again once the clone process is
> done, or is there a better way to manage the script in
> storing passwords? Kindly share your advice.
>
> Thanks,
> Shankar
>
> You can use wallets. Wallet will enable you to do sqlplus
> /@tnsdesc as sysdba, as long as you have the proper certificate
> installed on the server. Oracle has actually done an excellent
> thing with wallets: they are secure, convenient and easy to use.
> Regards
>
> --
> Mladen Gogala
> Oracle DBA
> http://mgogala.freehostia.com
>
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>

-- 
--
Mladen Gogala
Oracle Consultant
http://mgogala.freehostia.com

DISCLAIMER: I am solely responsible for any opinion expressed in this email


--
http://www.freelists.org/webpage/oracle-l
Received on Tue Apr 26 2016 - 22:43:57 CEST
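
The thread concerns a shell script that reads a password from a flat file. The following is an added example, not code from any poster: a guard that refuses to load the secret unless the file is a regular file owned by the invoking user with no group or other permission bits. The function name `read_secret` and the path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: load a password from a flat file only when the file is
# locked down, so the script never trusts a group- or world-accessible secret.
# read_secret and its variable names are hypothetical, not from the thread.

# read_secret FILE -> prints the first line of FILE on stdout.
# Returns 1 and prints nothing on stdout if FILE is a symlink, is not a
# regular file, is not owned by the invoking user, or grants any
# permission bit to group or other.
read_secret() {
    f=$1
    secret=
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "read_secret: $f is not a regular file" >&2
        return 1
    fi
    if [ ! -O "$f" ]; then
        echo "read_secret: $f is not owned by the current user" >&2
        return 1
    fi
    # ls -ld prints the mode as e.g. "-r--------"; characters 5-10 are the
    # group and other bits and must all be "-".
    case "$(ls -ld -- "$f")" in
        ????------*) ;;
        *)  echo "read_secret: $f is accessible to group or other" >&2
            return 1 ;;
    esac
    # read is a shell builtin, so the secret never appears in a process
    # argument list the way it would with "cat file | tool -p ...".
    IFS= read -r secret < "$f" || [ -n "$secret" ] || return 1
    printf '%s\n' "$secret"
    unset secret
}

# Usage inside a script (constructed path):
#   DB_PASS=$(read_secret "$HOME/.clone/prod.pw") || exit 1
#   ... use "$DB_PASS" ...
#   unset DB_PASS
```

The check only narrows who can read the file; the password is still stored in clear text, which is the limitation the wallet suggestion in the thread addresses.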
