Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Best approach to retrieve Connect String

Re: Best approach to retrieve Connect String

From: <basfbasf2_at_yahoo.com>
Date: 16 Aug 2004 12:19:10 -0700
Message-ID: <5c6f6121.0408161119.5c01395d@posting.google.com> 





thanks for it.


---
basfbasf2_at_yahoo.com


Mark Bole <makbo_at_pacbell.net> wrote in message news:<wNPTc.6601$Qr6.5282_at_newssvr29.news.prodigy.com>...


> Daniel Morgan wrote:

> > Wes Brooks wrote:

> > 

> >> Hello expert,

> >>

> >> My environment has 10 Oracle databases.  The job is run called up by

> >> UNIX script.  The job may need to sign on with different User IDs to

> >> different Oracle database instance in order to get the batch job

> >> running.  To avoid to logon with a wrong database instance, the

> >> current practice is to hard-code the logon ID, password, and the

> >> Connect String on the UNIX script.

> >>

> >> If I want to remove the hard-code of the logon information, would you

> >> mind to share your experience how to handle this change?  How to set

> >> up the UNIX User environment based on the job?

> > 

> > 

> > I agree with Hans but also suggest you explore the possibility of using

> > externally authenticated accounts such as OPS$DEV, OPS$TEST, OPS$PROD1.

> 

> And lastly, if the previous two good suggestions won't work, here's an 

> answer to your original question.

> 

> Assuming the unix user 'oracle' and group 'dba' are suitably secure 

> (which they should be anyway), create one or more "password" files with 

> file names matching the user and connect string.

> 

> 1. One time set-up of "hidden" password for each user and connect:

> 

> [as user oracle, your directory structure may vary]

> 

> % echo "my_password" > ${ORACLE_BASE}/local/mysid.world.myuser.passwd

> % chmod ug+r,o-rwx ${ORACLE_BASE}/local/mysid.world.myuser.passwd

> 

> [the above makes the file readable only by owner and group]

> 

> 2. Skeleton shell script for Solaris or Linux, line wrapping may need 

> fixing:

> 

> ------[cut here]--------------

> #!/bin/bash

> # connect information passed as args

> CONNECT=$1

> USER=$2

> if [ ! -e ${ORACLE_BASE}/local/${CONNECT}.${USER}.passwd ]

> then

>      echo "Cannot find file

>           ${ORACLE_BASE}/local/${CONNECT}.${USER}.passwd, exiting..."

>      exit

> fi

> 

> /bin/cat ${ORACLE_BASE}/local/${CONNECT}.${USER}.passwd \

>       | ${ORACLE_HOME}/bin/sqlplus ${USER}@${CONNECT} \

>         @${ORACLE_BASE}/sql/my_script \

>       2>&1

> ------[cut here]--------------

> 

> A heck of lot better than hardcoding -- now you can change your 

> passwords on a regular basis without editing every script each time, 

> just the one-line "password" file(s).

> 

> For more security, flexibility, and control in scripting, Perl with DBI 

> is highly recommended.

> 

> --Mark Bole



Received on Mon Aug 16 2004 - 14:19:10 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US