Re: Need advice on encrypting the password
From: Thump CC <thump_at_cosmiccooler.org>
Date: Tue, 26 Apr 2016 14:46:17 -0700
Message-Id: <C563BC22-11A6-433E-9652-084FF13187DB_at_cosmiccooler.org>
un-crackable encryption? There is such a thing? rot13 is certainly easily crackable.
>> In the Bad Old Days, the workaround was to store the plain text password as the only contents of a file that owned only by root with permissions set to 000. When the password was needed, su - to root, chmod the file to 400, read the contents of the file into a local variable. Then reset the permissions on root's file back to 000.
>>
>> Use the value of that local variable to accomplish work and then set the value of the variable to NULL.
>>
>> It wasn't perfect. It was torturous, but it seemed to keep us out of trouble. The value was vulnerable for a limited time, under the supervision of someone who was trustworthy enough to have root password.
>>
>> Regards,
>>
>> Gus
>>
>> On Tue, Apr 26, 2016 at 12:52 PM, Mladen Gogala <gogala.mladen_at_gmail.com <mailto:gogala.mladen_at_gmail.com>> wrote:
>> On 04/26/2016 12:48 PM, Shastry(DBA) wrote:
>> Hi Gurus,
>>
>> We have automated cloning tool which runs mainly as shell script. Our passwords are stored on a file which is required while cloning is in progress, the logic is to have both PROD and NONPROD credentials are stored in the flat file which will be read by the shell script. I want to know if there is a way to decrypt and encrypt back again once the clone process is done or is there is a better way to manage the script in storing passwords? Kindly share your advice.
>>
>> Thanks,
>> Shankar
>> You can use wallets. Wallet will enable you to do sqlplus /_at_tnsdesc as sysdba, as long as you have the proper certificate installed on the server. Oracle has actually done an excellent thing with wallets: they are secure, convenient and easy to use.
>> Regards
>>
>> --
>> Mladen Gogala
>> Oracle DBA
>> http://mgogala.freehostia.com <http://mgogala.freehostia.com/>
>>
>> --
>> http://www.freelists.org/webpage/oracle-l <http://www.freelists.org/webpage/oracle-l>
>>
>>
>>
Date: Tue, 26 Apr 2016 14:46:17 -0700
Message-Id: <C563BC22-11A6-433E-9652-084FF13187DB_at_cosmiccooler.org>
un-crackable encryption? There is such a thing? rot13 is certainly easily crackable.
> On Apr 26, 2016, at 1:43 PM, Mladen Gogala <gogala.mladen_at_gmail.com> wrote: > > Another trick would be to store password using un-crackable encryption, like rot13, and decrypt the password within the script. > > On 4/26/2016 4:01 PM, Gus Spier wrote:
>> In the Bad Old Days, the workaround was to store the plain text password as the only contents of a file that owned only by root with permissions set to 000. When the password was needed, su - to root, chmod the file to 400, read the contents of the file into a local variable. Then reset the permissions on root's file back to 000.
>>
>> Use the value of that local variable to accomplish work and then set the value of the variable to NULL.
>>
>> It wasn't perfect. It was torturous, but it seemed to keep us out of trouble. The value was vulnerable for a limited time, under the supervision of someone who was trustworthy enough to have root password.
>>
>> Regards,
>>
>> Gus
>>
>> On Tue, Apr 26, 2016 at 12:52 PM, Mladen Gogala <gogala.mladen_at_gmail.com <mailto:gogala.mladen_at_gmail.com>> wrote:
>> On 04/26/2016 12:48 PM, Shastry(DBA) wrote:
>> Hi Gurus,
>>
>> We have automated cloning tool which runs mainly as shell script. Our passwords are stored on a file which is required while cloning is in progress, the logic is to have both PROD and NONPROD credentials are stored in the flat file which will be read by the shell script. I want to know if there is a way to decrypt and encrypt back again once the clone process is done or is there is a better way to manage the script in storing passwords? Kindly share your advice.
>>
>> Thanks,
>> Shankar
>> You can use wallets. Wallet will enable you to do sqlplus /_at_tnsdesc as sysdba, as long as you have the proper certificate installed on the server. Oracle has actually done an excellent thing with wallets: they are secure, convenient and easy to use.
>> Regards
>>
>> --
>> Mladen Gogala
>> Oracle DBA
>> http://mgogala.freehostia.com <http://mgogala.freehostia.com/>
>>
>> --
>> http://www.freelists.org/webpage/oracle-l <http://www.freelists.org/webpage/oracle-l>
>>
>>
>>
> > -- > -- > Mladen Gogala > Oracle Consultant > http://mgogala.freehostia.com <http://mgogala.freehostia.com/> > > DISCLAIMER: I am solely responsible for any opinion expressed in this email
-- http://www.freelists.org/webpage/oracle-lReceived on Tue Apr 26 2016 - 23:46:17 CEST