Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Concealing SQL Loader password from ps -ef

Re: Concealing SQL Loader password from ps -ef

From: Don Granaman <granaman_at_home.com>
Date: Fri, 02 Nov 2001 14:47:39 -0800
Message-ID: <F001.003BBB21.20011102150018@fatcity.com> 






There are a number of common techniques, but the one I prefer is to:



    
  
  1.   create a text file with a set of usernames/passwords - one per line
    (e.g one line might be "sys change_on_install")

  
  2.   Put the script somewhere secure and make it a hidden file (e.g.
.userpass)  Also, chmod it so only the owner can read or write.

  
  3.   Call any script with:
$ grep '^sys ' $HOME/.userpass | cut -d" " -f2 | sqlplus -s sys
@scriptname.sql






This also works for sqlldr via something like:
$ grep '^sys ' $HOME/.userpass | cut -d" " -f2 | sqlldr userid=sys
controlfile=...



The advantage is that I have only one place to maintain passwords.



A variation on this theme is to include a tnsalias in the file also.
I used this to run a set DB monitoring and configuration documentation
scripts  from an administrative node against 40+ databases and log the
results into the admin DB.  The only change is to use a file that has
lines like: "sys_at_mydb change_on_install" and modify the grep
accordingly.



A ksh driver script might look like



for tnsalias in `cat aliaslist`


do


    grep 'sys$@{tnsalias} ' $HOME/.userpass | cut -d" " -f2 |
sqlplus -s sys@${tnsalias} @scriptname.sql
done



(If the @ symbols cause grief, just escape them with \ )




BTW:  I just used sys as an example.  I am not encouraging you to do
everything as sys!



-Don Granaman


[OraSaurus]






> Simplest way is not to enter the password on the same line with the
userid.


> If you wait for SQLPlus to prompt you for the password, it doesn't
show up

> with ps -ef.
>
> On the other hand, doing this in a script is more problematical.


Anyone


> have any examples?


(like subscribing).



-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Don Granaman
  INET: granaman_at_home.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L


(or the name of mailing list you want to be removed from).  You may

also send the HELP command for other information (like subscribing).


Received on Fri Nov 02 2001 - 16:47:39 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US