Re: Q: embedding userid/password in scripts?

From: John P. Higgins <jh33378_at_deere.com>
Date: 1996/11/14
Message-ID: <328BAC1A.7849@deere.com>#1/1

John P DeVoy wrote:
>
> I'm new to UNIX, and I want to develop some cron scripts that I
> can have log into the database and do some chores for me. I can
> do that trick just fine, but I'm not certain I'm handling the
> account name and password in the most secure manner possible.
>
> If you've done similar stuff in your shop, can you share with us
> how you handle the account name and password, together with any
> security issues. Thanks!!
> --
> ----------------------------------------------------------------
> John P De Voy "When amatuers dabble in databases ()
> DBA, NeXT Software Inc. people get hurt!" /\

I like to use a unix shell 'here document' so the shell preprocesses the script. It might look like:

#!/bin/ksh

export ORACLE_HOME=___________
export ORACLE_SID=____
export PATH=$ORACLE_HOME/bin:$PATH

sqlplus -silent <<EOF
$(cat /_______/.userpwd)
set pagesize 0
set linesize 200
set heading off
set underline off
set scan off
set feedback off
set pause off
select * from sys.dual;
exit
EOF The <<EOF makes all the lines that follow into stdin for the job up until a line that starts with EOF. The shell processes the lines first, so the $cat( ) reads the protected file and substitutes the user name and password into the 'here document'. Note that this keeps the password off the command line where it is visible to the world via the ps command!

-- 
John P. Higgins      Voice:    (309)765-4481
Deere & Company      Fax:      (309)765-5168
John Deere Road      Internet: jh33378_at_deere.com
Moline, IL 61265     Opinions: My Own

Received on Thu Nov 14 1996 - 00:00:00 CST