Re: Encrypt sensitive passwords in shell script - Which one do you prefer ?

From: Sreejith S Nair <Sreejith.Sreekantan_at_ibsplc.com>
Date: Mon, 16 May 2011 19:23:57 +0530
Message-ID: <OFBD8A1489.EE927825-ON65257892.004C3B65-65257892.004C5ACA_at_ibsplc.com>



Yes, the scripts are supposed to run as the same oracle user every time. Is there any free option available?
--
Sreejith S Nair
Associate Systems Architect | AOS DBA Team
 

 



From:   Niall Litchfield <niall.litchfield_at_gmail.com>
To:     Sreejith.Sreekantan_at_ibsplc.com
Cc:     oracle-l_at_freelists.org
Date:   05/16/2011 07:11 PM
Subject:        Re: Encrypt sensitive passwords in shell script - Which one do you prefer ?



Are these scripts supposed to run as the same oracle user every time? i.e. 
is USER/XXXX unique for each database for each developer? If so then 
Oracle wallets (ht Jared for the suggestion) would seem to meet your 
requirement admirably. 

On Mon, May 16, 2011 at 2:30 PM, Sreejith S Nair <Sreejith.Sreekantan_at_ibsplc.com> wrote:
Hi List, 

I am looking for various options to encrypt a sensitive password in a unix 
shell script. After a bit of googling, I learned about 'shc'. 
Can you please advise on what things you use for this purpose, if any?

My requirement / idea is 

A .sql file will have to be executed by a shell script in SQLPLUS as 
USER/XXXX. The .sql file will be prepared by a developer and will be put in 
a directory to which their osuser - say 'user1' - will have write access. I 
will have the 'oracle' user on the server, who is the DBA user. I want them 
to run this SQL like: runthis.sh test.sql, where runthis.sh is owned by the 
oracle user and will reside in some directory owned by the DBA user. I am 
planning to configure the schema password (USER/XXXX) in runthis.sh, which a 
developer is not supposed to know. 
But if I give execute permission for 'user1' to runthis.sh, it becomes 
readable and all can read the password. Is there any way I can store an 
encrypted password in the SQLPLUS connect string in this file / encrypt the shell 
script as such? 

Thanks in Advance. 

  
With Regards, 
Sreejith 
  
-- 
Sreejith S Nair 
Associate Systems Architect | AOS DBA Team 
 





DISCLAIMER: 

"The information in this e-mail and any attachment is intended only for the person to whom it is addressed and may contain confidential and/or privileged material. If you have received this e-mail in error, kindly contact the sender and destroy all copies of the original communication. IBS makes no warranty, express or implied, nor guarantees the accuracy, adequacy or completeness of the information contained in this email or any attachment and is not liable for any errors, defects, omissions, viruses or for resultant loss or damage, if any, direct or indirect."

-- 
Niall Litchfield
Oracle DBA
http://www.orawin.info

--
http://www.freelists.org/webpage/oracle-l
Received on Mon May 16 2011 - 08:53:57 CDT
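
An added example, not part of the original thread: a small audit that flags wrapper scripts which pass USER/password to SQL*Plus while being readable by accounts other than the owner, which is the exposure described in the original question. The file names and the wallet alias ORCL_ALIAS are constructed for illustration; a wallet-style login (`sqlplus /@alias`) is treated as carrying no password.

```sh
#!/bin/sh
# Added example: audit wrapper scripts for SQL*Plus passwords readable by other accounts.

# Print (with line numbers) lines that hand user/password to sqlplus or CONNECT.
# Passwordless forms (/@alias for a wallet, /nolog, "/ as sysdba") do not match.
find_embedded_credentials() {
    grep -nEi '(sqlplus|conn(ect)?)[[:space:]]+(-[a-z]+[[:space:]]+)*[a-z0-9_$#"]+/[^[:space:]@]+' "$1"
}

# True when group or other has the read bit, which a shell script needs
# anyway before anyone but the owner can execute it.
readable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# Exit status: 0 = no embedded login, 1 = embedded but owner-only, 2 = exposed.
audit_script() {
    _hits=$(find_embedded_credentials "$1") || return 0
    if readable_by_others "$1"; then
        printf 'EXPOSED  %s\n%s\n' "$1" "$_hits"
        return 2
    fi
    printf 'EMBEDDED %s (owner-only)\n%s\n' "$1" "$_hits"
    return 1
}

# Constructed samples: the layout from the thread and a wallet-style variant.
# ORCL_ALIAS is a made-up wallet alias.
make_samples() {
    cat > "$1/runthis_password.sh" <<'EOF'
#!/bin/sh
sqlplus -s USER/XXXX @"$1"
EOF
    cat > "$1/runthis_wallet.sh" <<'EOF'
#!/bin/sh
sqlplus -s /@ORCL_ALIAS @"$1"
EOF
    chmod 755 "$1/runthis_password.sh" "$1/runthis_wallet.sh"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in "$demo_dir"/*.sh; do
    audit_script "$f" || true
done
rm -rf "$demo_dir"
```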
