Re: unix Ksh script variable

From: De DBA <dedba_at_tpg.com.au>
Date: Wed, 02 Feb 2011 18:43:28 +1000
Message-ID: <4D491930.9070508_at_tpg.com.au>



Hi Niall,

I think that the "secure external password store feature", which is what I alluded to, is free to use based on this paragraph in the 11g Licensing Information guide, page 1-9 (my underscoring):

    *Oracle Wallet*
    An Oracle Wallet is a PKCS#12 container used to store authentication and encryption
    keys. _The database secure external password store feature stores passwords in an
    Oracle Wallet for authentication to the Oracle database._ Oracle Advanced Security uses
    the Oracle Wallet to store credentials for PKI authentication to the Oracle database,
    network encryption, and transparent data encryption. Oracle Wallet Manager is an
    application that wallet owners can use to manage and edit Oracle wallets. _Oracle
    Wallets can be deployed on clients, middle tiers, and database servers free of charge._

    However, the following features that use an Oracle Wallet in turn require licensing of
    the Oracle Advanced Security Option: PKI credentials for authentication to Oracle
    Database, network encryption (SSL/TLS) to the Oracle database from middle tiers and
    database clients, and transparent data encryption master keys. Oracle Advanced
    Security option is not required when configuring wallets to secure communication
    between the Oracle database and Oracle Internet Directory as part of the enterprise
    user security feature of Oracle Database

Of course I may misinterpret this piece of legalistic prose. English never was my forte... :)

Cheers,
Tony

Niall Litchfield wrote:
>
> Hi
> I'm pretty sure that Oracle Wallet requires the advanced security
> option to be licensed. So a great solution if it's already there, but
> somewhat overkill compared to parsing a protected text file if it
> isn't. I wonder these days how big the security risk of storing
> passwords in scripts is (not the convenience of only storing them
> once). Time was when we had real users logging onto the db server able
> to read scripts and sniff command lines. Those days pretty much died
> with client server though.
>
> (P.S. my phone's adaptive auto correct changed "command lin" to "named
> pipes" as I was typing. I should get out more)
>
>> On 2 Feb 2011 05:42, "De DBA" <dedba_at_tpg.com.au> wrote:
>>
>> Have you considered using Oracle Wallets? It takes a bit of effort to
>> set up, but is quite resilient. We have used it for years to great
>> satisfaction. You store just the credential's db_connect_string in a
>> plain-text configuration file, which the script then picks up and
>> uses to connect.
>>
>> see e.g.:
>> http://askdba.org/weblog/2009/09/using-oracle-wallet-to-execute-shell-scriptcron-without-hard-coded-oracle-database-password/
>>
>> There used to be an Oracle Whitepaper as well which showed how to set
>> this up with the sys account, but I cannot find it any more on the
>> Oracle website. The actual topic of the whitepaper was "Using Oracle
>> Recovery Manager (RMAN) with Database Vault", published in 2006.
>> Basically you just create a credential as demonstrated in the link
>> above and pass the connect string with "as sysdba" as per usual.
>>
>> Hth,
>> Tony
>>
>>
>>
>> A Joshi wrote:
>> >
>> > hi
>> > I have a script which is to be executed on many databases and
>> different da...
>>

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Feb 02 2011 - 02:43:28 CST
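
The approach described in the thread (a plain-text configuration file that holds only the credential's db_connect_string, which the script picks up to connect through the wallet) could look like the sketch below. This is an added example, not code from the thread or from Oracle: the `DB_ALIAS=` key, the file names and the function names are assumptions, and the wallet credential is assumed to exist already.

```shell
#!/bin/sh
# Added example. Assumes a wallet credential was already created for the alias
# (mkstore -wrl <wallet_dir> -createCredential <alias> <user>) and that
# sqlnet.ora sets WALLET_LOCATION and SQLNET.WALLET_OVERRIDE = TRUE.
# The config file format "DB_ALIAS=<alias>" is hypothetical.

# Print the wallet alias from the config file. Anything that is not a bare
# alias (for example user/password@db) is rejected, so a secret cannot
# creep back into the plain-text file.
read_connect_alias() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    db_alias=$(sed -n -e 's/[[:space:]]*$//' \
        -e 's/^[[:space:]]*DB_ALIAS[[:space:]]*=[[:space:]]*//p' "$conf" | head -n 1)
    case $db_alias in
        '')
            echo "DB_ALIAS not set in $conf" >&2; return 1 ;;
        *[!A-Za-z0-9_.-]*)
            echo "DB_ALIAS must be a bare alias, not a credential" >&2; return 1 ;;
    esac
    printf '%s\n' "$db_alias"
}

# Build the logon argument. "/@alias" makes the client take the user name
# and password from the wallet; "as sysdba" is appended when requested.
connect_arg() {
    if [ "${2:-}" = sysdba ]; then
        printf '/@%s as sysdba\n' "$1"
    else
        printf '/@%s\n' "$1"
    fi
}

# run_sql <config-file> <sql-file> [sysdba]
run_sql() {
    db_alias=$(read_connect_alias "$1") || return 1
    # -s: silent, -L: one logon attempt only, so a broken wallet fails fast
    # instead of prompting for a password inside cron.
    sqlplus -s -L "$(connect_arg "$db_alias" "${3:-}")" "@$2"
}

# Stand-alone use: ./run_sql.sh db.conf report.sql [sysdba]
if [ "$#" -ge 2 ]; then
    run_sql "$@"
fi
```

Because the password lives only in the wallet, nothing secret appears in the script, the config file or the process command line.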
