Re: Alternatives to RMAN cleartext password in batch file for backups?
Date: Sun, 24 Apr 2011 12:51:51 -0300
Message-ID: <BANLkTinwje+GYn-aJqMmRyz+v6_P0PbJTw_at_mail.gmail.com>
Well, you must use a decryptable encryption for this to work, but you could always call RMAN like this:
$!/bin/bash
CATALOG_PASSWORD=`decrypt_command encrypted_password_file`
rman target / catalog catalog_user/${CATALOG_PASSWORD}_at_SID script ...
Where the decrypt_command is a command that returns a cleartext password from the 'encrypted_password_file'. It's not the best solution as anyone with execute permissions on decrypt_command and/or read permissions on encrypted_password_file would be able to access the cleartext password. But then again,in several cases security guidelines are not about security, but about compliance.
hth
Alan.-
On Sun, Apr 24, 2011 at 12:27 AM, Thomas Roach <troach_at_gmail.com> wrote:
> Why don't you encrypt your shell script?
>
>
> http://linux.koolsolutions.com/2009/01/20/howto-encrypting-a-shell-script-on-a-linux-or-unix-based-system/
>
> On Sat, Apr 23, 2011 at 9:05 PM, Bill Myers <bwmyers_at_gmail.com> wrote:
>
>> Hi all,
>> I have the following commands in a batch file scheduled for daily
>> execution:
>>
>> set oracle_sid=mydatadb
>> rman target / catalog mycatusr/mycatpwd_at_mycatdb script Daily_Backup >>
>> backup.log
>>
>> My organization requires the catalog password (mycatpwd) above to be
>> encrypted and not stored as clear text in any other file or environment
>> variable. How can I still use this batch file for scheduled backups without
>> providing a clear text password?
>>
>> The only option I can think of is to compile the commands into a binary
>> executable. Any other ideas besides that?
>>
>> Thanks in advance.
>> Bill
>>
>
>
>
> --
> Thomas Roach
> 813-404-6066
> troach_at_gmail.com
>
-- http://www.freelists.org/webpage/oracle-lReceived on Sun Apr 24 2011 - 10:51:51 CDT