Re: hide sqlplus pwd

From: Andre van Winssen <>
Date: Sat, 31 Oct 2009 18:25:35 +0100
Message-ID: <>

exposing your password on the commandline or in a readable password storage file is always a security risk and might lead to security compliancy issues. Have you considered following two options:

use NTS authentication for logging in as SYSDBA (e.g. by adding the os user used by the scheduler to run your scripts in the ORA_DBA group) and then run the sql scripts . You might wanna start with alter session set current_schema=<your db appl. login user> to change the namespace. remember that sysdba user has all privileges to change every database object

use an oracle wallet (Secure External Password Store) to store the credentials. Then <quote from oracle doc> when you configure a client to use the external password store, applications can use the following syntax to connect to databases that use password authentication:

CONNECT /_at_database_alias
Note that you need not specify database login credentials in this CONNECT statement. Instead your system looks for database login credentials in the client wallet. </quote from the oracle doc> I never tested this option with oracle8 clients though so can't promise it will work.


2009/10/31 Robert Freeman <>

> Actually, if you are running on WIN XP there is a command called
> tasklist.exe. This command, if run using the /v switch would show
> sqlplus.exe AND any username/password entered at the command line. Here is
> an example:
> C:\Documents and Settings\Robert>tasklist /v |find "Command Prompt"
> cmd.exe 10128 Console 0 2,672 K
> 0:00:00 Command Prompt - sqlplus sys/robert as sysdba
> Robert G. Freeman
> Oracle ACE
> Ask me about on-site Oracle Training! RMAN, DBA, Tuning, you name it!
> Author:
> Oracle Database 11g RMAN Backup and Recovery (Oracle Press) - ON IT'S WAY
> OCP: Oracle Database 11g Administrator Certified Professional Study Guide
> (Sybex)
> Oracle Database 11g New Features (Oracle Press)
> Oracle Database 10g New Features (Oracle Press)
> Other various titles
> Blog:
> ------------------------------
> *From:* Jared Still <>
> *To:*
> *Cc:* oracle-l List <>
> *Sent:* Fri, October 30, 2009 6:49:41 PM
> *Subject:* Re: hide sqlplus pwd
> On Fri, Oct 30, 2009 at 3:22 PM, Eugene Pipko <>wrote:
>> We’re running Oracle 8,9,10 on Windows. Third party scheduler program
>> executes scripts against Oracle as:
>> sqlplusw.exe user/pwd_at_db _at_c:\jobs\task1.sql
>> What are the ways of hiding user/pwd from curious eyes?
> Some clarification on what you are trying to hide might be useful.
> Are you trying to prevent the passwords from appearing in the scheduled
> scripts?
> Or the log files?
> Or something else?
> As this is windows, it doesn't really have the ps command available to show
> the password. Even if ps is available, I don't think it shows the
> password.
> IAC, more info is needed.
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
> Oracle Blog:
> Home Page:

Received on Sat Oct 31 2009 - 12:25:35 CDT

Original text of this message