RE: Alternatives to RMAN cleartext password in batch file for backups?

From: Michael Dinh <mdinh_at_XIFIN.Com>
Date: Sun, 24 Apr 2011 08:59:39 -0700
Message-ID: <D29F9902E534D5478F2E83FD6A44B3063AFD865A6F_at_mail02.mba.xifin.com>

Here is another one that I have used at a company before.

http://laurentschneider.com/wordpress/2006/07/oracle-password-repository.html

From: oracle-l-bounce_at_freelists.org [oracle-l-bounce_at_freelists.org] On Behalf Of Guillermo Alan Bort [cicciuxdba_at_gmail.com] Sent: Sunday, April 24, 2011 8:51 AM
To: troach_at_gmail.com
Cc: bwmyers_at_gmail.com; oracle-l_at_freelists.org Subject: Re: Alternatives to RMAN cleartext password in batch file for backups?

Well, you must use a decryptable encryption for this to work, but you could always call RMAN like this:

$!/bin/bash
CATALOG_PASSWORD=`decrypt_command encrypted_password_file`

rman target / catalog catalog_user/${CATALOG_PASSWORD}_at_SID script ...

Where the decrypt_command is a command that returns a cleartext password from the 'encrypted_password_file'. It's not the best solution as anyone with execute permissions on decrypt_command and/or read permissions on encrypted_password_file would be able to access the cleartext password. But then again,in several cases security guidelines are not about security, but about compliance.

hth
Alan.-

On Sun, Apr 24, 2011 at 12:27 AM, Thomas Roach <troach_at_gmail.com<mailto:troach_at_gmail.com>> wrote: Why don't you encrypt your shell script?

http://linux.koolsolutions.com/2009/01/20/howto-encrypting-a-shell-script-on-a-linux-or-unix-based-system/

On Sat, Apr 23, 2011 at 9:05 PM, Bill Myers <bwmyers_at_gmail.com<mailto:bwmyers_at_gmail.com>> wrote: Hi all,
I have the following commands in a batch file scheduled for daily execution:

set oracle_sid=mydatadb
rman target / catalog mycatusr/mycatpwd_at_mycatdb script Daily_Backup >> backup.log

My organization requires the catalog password (mycatpwd) above to be encrypted and not stored as clear text in any other file or environment variable. How can I still use this batch file for scheduled backups without providing a clear text password?

The only option I can think of is to compile the commands into a binary executable. Any other ideas besides that?

Thanks in advance.
Bill

--

Thomas Roach
813-404-6066
troach_at_gmail.com<mailto:troach_at_gmail.com>

--

http://www.freelists.org/webpage/oracle-l Received on Sun Apr 24 2011 - 10:59:39 CDT

This message: [ Message body ]
Next message: Mercadante, Thomas F (LABOR): "RE: Alternatives to RMAN cleartext password in batch file for backups?"
Previous message: Guillermo Alan Bort: "Re: Alternatives to RMAN cleartext password in batch file for backups?"
In reply to: Guillermo Alan Bort: "Re: Alternatives to RMAN cleartext password in batch file for backups?"
Next in thread: D'Hooge Freek: "RE: Alternatives to RMAN cleartext password in batch file for backups?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message