Re: hide sqlplus pwd
Date: Sat, 31 Oct 2009 18:25:35 +0100
Exposing your password on the command line or in a readable password storage file is always a security risk and might lead to security compliancy issues. Have you considered the following two options?
1. Use NTS authentication for logging in as SYSDBA (e.g. by adding the OS user used by the scheduler to run your scripts to the ORA_DBA group) and then run the SQL scripts. You might wanna start with alter session set current_schema=<your db appl. login user> to change the namespace. Remember that the sysdba user has all privileges to change every database object.
2. Use an Oracle wallet (Secure External Password Store) to store the credentials. Then <quote from oracle doc> when you configure a client to use the external password store, applications can use the following syntax to connect to databases that use password authentication:
Note that you need not specify database login credentials in this CONNECT statement. Instead your system looks for database login credentials in the client wallet. </quote from the oracle doc> I never tested this option with oracle8 clients though, so can't promise it will work.
2009/10/31 Robert Freeman <robertgfreeman_at_yahoo.com>
> Actually, if you are running on WIN XP there is a command called
> tasklist.exe. This command, if run using the /v switch would show
> sqlplus.exe AND any username/password entered at the command line. Here is
> an example:
> C:\Documents and Settings\Robert>tasklist /v |find "Command Prompt"
> cmd.exe 10128 Console 0 2,672 K
> Running ROBERTSDELLXPS\Robert
> 0:00:00 Command Prompt - sqlplus sys/robert as sysdba
> Robert G. Freeman
> Oracle ACE
> Ask me about on-site Oracle Training! RMAN, DBA, Tuning, you name it!
> Oracle Database 11g RMAN Backup and Recovery (Oracle Press) - ON ITS WAY
> OCP: Oracle Database 11g Administrator Certified Professional Study Guide
> Oracle Database 11g New Features (Oracle Press)
> Oracle Database 10g New Features (Oracle Press)
> Other various titles
> Blog: http://robertgfreeman.blogspot.com
> *From:* Jared Still <jkstill_at_gmail.com>
> *To:* eugene.pipko_at_unionbay.com
> *Cc:* oracle-l List <oracle-l_at_freelists.org>
> *Sent:* Fri, October 30, 2009 6:49:41 PM
> *Subject:* Re: hide sqlplus pwd
> On Fri, Oct 30, 2009 at 3:22 PM, Eugene Pipko <eugene.pipko_at_unionbay.com> wrote:
>> We’re running Oracle 8,9,10 on Windows. Third party scheduler program
>> executes scripts against Oracle as:
>> sqlplusw.exe user/pwd@db @c:\jobs\task1.sql
>> What are the ways of hiding user/pwd from curious eyes?
> Some clarification on what you are trying to hide might be useful.
> Are you trying to prevent the passwords from appearing in the scheduled
> Or the log files?
> Or something else?
> As this is windows, it doesn't really have the ps command available to show
> the password. Even if ps is available, I don't think it shows the
> IAC, more info is needed.
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
> Oracle Blog: http://jkstill.blogspot.com
> Home Page: http://jaredstill.com
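
An added example, not part of the thread: a small audit that classifies sqlplus command lines (from scheduler job definitions or `tasklist /v` output) by how they log on, and redacts any password before reporting. The verdict names, the function names and all sample lines except the `sys/robert` one quoted above are constructed for illustration.

```python
import re

# Finds a sqlplus / sqlplusw invocation and captures everything after it.
SQLPLUS = re.compile(r'sqlplusw?(?:\.exe)?"?\s+(.*)', re.IGNORECASE)

def classify(cmdline):
    """Return (verdict, line) where line has any password replaced by ****."""
    m = SQLPLUS.search(cmdline)
    if not m:
        return ("not-sqlplus", cmdline)
    # Skip sqlplus options such as -S; the first remaining token is the logon.
    args = [t for t in m.group(1).split() if not t.startswith("-")]
    logon = args[0] if args else ""
    if not logon or logon.lower() == "/nolog" or logon.startswith("@"):
        return ("no-logon", cmdline)            # nothing secret on the line
    if logon.startswith("/@"):
        return ("wallet", cmdline)              # external password store
    if logon == "/":
        return ("os-auth", cmdline)             # e.g. "/ as sysdba"
    user, slash, rest = logon.partition("/")
    if not slash:
        return ("prompts-for-password", cmdline)
    _pwd, at, db = rest.partition("@")
    head = cmdline[:m.start(1)]
    tail = m.group(1).replace(logon, user + "/****" + at + db, 1)
    return ("password-exposed", head + tail)

def audit(lines):
    """Return the redacted form of every line that exposes a password."""
    results = (classify(line) for line in lines)
    return [text for verdict, text in results if verdict == "password-exposed"]

# Constructed sample input, apart from the tasklist line quoted in the thread.
SAMPLE = [
    r"sqlplusw.exe appuser/s3cret@proddb @c:\jobs\task1.sql",
    r"sqlplus -S /@proddb @c:\jobs\task1.sql",
    "sqlplus / as sysdba",
    "0:00:00 Command Prompt - sqlplus sys/robert as sysdba",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("PASSWORD ON COMMAND LINE:", finding)
```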