Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Concealing SQL Loader password from ps -ef

Re: Concealing SQL Loader password from ps -ef

From: Don Granaman <>
Date: Fri, 02 Nov 2001 14:47:39 -0800
Message-ID: <>

There are a number of common techniques, but the one I prefer is to:

  1. create a text file with a set of usernames/passwords - one per line (e.g one line might be "sys change_on_install")
  2. Put the script somewhere secure and make it a hidden file (e.g. .userpass) Also, chmod it so only the owner can read or write.
  3. Call any script with: $ grep '^sys ' $HOME/.userpass | cut -d" " -f2 | sqlplus -s sys @scriptname.sql

This also works for sqlldr via something like: $ grep '^sys ' $HOME/.userpass | cut -d" " -f2 | sqlldr userid=sys controlfile=...

The advantage is that I have only one place to maintain passwords.

A variation on this theme is to include a tnsalias in the file also. I used this to run a set DB monitoring and configuration documentation scripts from an administrative node against 40+ databases and log the results into the admin DB. The only change is to use a file that has lines like: "sys_at_mydb change_on_install" and modify the grep accordingly.

A ksh driver script might look like

for tnsalias in `cat aliaslist`

    grep 'sys$@{tnsalias} ' $HOME/.userpass | cut -d" " -f2 | sqlplus -s sys@${tnsalias} @scriptname.sql done

(If the @ symbols cause grief, just escape them with \ )

BTW: I just used sys as an example. I am not encouraging you to do everything as sys!

-Don Granaman

> Simplest way is not to enter the password on the same line with the userid.
> If you wait for SQLPlus to prompt you for the password, it doesn't show up

> with ps -ef.
> On the other hand, doing this in a script is more problematical.
> have any examples?
(like subscribing).
Please see the official ORACLE-L FAQ:
Author: Don Granaman

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
To REMOVE yourself from this mailing list, send an E-Mail message
to: (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L

(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
Received on Fri Nov 02 2001 - 16:47:39 CST

Original text of this message