Re: unix Ksh script variable
Date: Wed, 2 Feb 2011 07:30:09 +0000
Message-ID: <AANLkTi=8FW6+28NPmV0wqDekn4N+ET5vJmLyJ=kQKg6D_at_mail.gmail.com>
Hi
I'm pretty sure that Oracle Wallet requires the advanced security option to be licensed. So a great solution if its already there, but somewhat overkill compared to parsing a protected text file if it isn't. I wonder these days how big the security risk of storing passwords in scripts is (not the convenience of only storing them once). Time was when we had real users logging onto the db server able to read scripts and sniff command lines. Those days pretty much died with client server though.
(p.s my phone adaptive auto correct changed "command lin" to "named pipes" as I was typing . I should get out more)
On 2 Feb 2011 05:42, "De DBA" <dedba_at_tpg.com.au> wrote:
Have you considered using Oracle Wallets? It takes a bit of effort to setup, but is quite resilient. We have used it for years to great satisfaction. You store just the credential's db_connect_string in a plain-text configuration file, which the script then picks up and uses to connect.
There used to be an Oracle Whitepaper as well which showed how to set this up with the sys account, but I cannot find it any more on the Oracle website. The actual topic of the whitepaper was "Using Oracle Recovery Manager (RMAN) with Database Vault", published in 2006. Basically you just create a credential as demonstrated in the link above and pass the connect string with "as sysdba" as per usual.
Hth,
Tony
A Joshi wrote:
>
> hi
> I have a script which is to be executed on many databases and different
da...
-- http://www.freelists.org/webpage/oracle-lReceived on Wed Feb 02 2011 - 01:30:09 CST