John P. Higgins wrote:
>
> John P DeVoy wrote:
> >
> > I'm new to UNIX, and I want to develop some cron scripts that I
> > can have log into the database and do some chores for me. I can
> > do that trick just fine, but I'm not certain I'm handling the
> > account name and password in the most secure manner possible.
> >
> > If you've done similar stuff in your shop, can you share with us
> > how you handle the account name and password, together with any
> > security issues. Thanks!!
> > --
> > ----------------------------------------------------------------
> > John P De Voy "When amatuers dabble in databases ()
> > DBA, NeXT Software Inc. people get hurt!" /\
>
> I like to use a unix shell 'here document' so the shell preprocesses
> the script. It might look like:
>
> #!/bin/ksh
> export ORACLE_HOME=___________
> export ORACLE_SID=____
> export PATH=$ORACLE_HOME/bin:$PATH
> sqlplus -silent <<EOF
> $(cat /_______/.userpwd)
> set pagesize 0
> set linesize 200
> set heading off
> set underline off
> set scan off
> set feedback off
> set pause off
> select * from sys.dual;
> exit
> EOF
>
> The <<EOF makes all the lines that follow into stdin for the job up
> until a line that starts with EOF. The shell processes the lines first,
> so the $cat( ) reads the protected file and substitutes the user name
> and password into the 'here document'. Note that this keeps the password
> off the command line where it is visible to the world via the ps
> command!
> --
> John P. Higgins Voice: (309)765-4481
> Deere & Company Fax: (309)765-5168
> John Deere Road Internet: jh33378_at_deere.com
> Moline, IL 61265 Opinions: My Own
Another option is to utilize an "ops$<username>" associated with the
Unix account that is running the cron. This will allow Oracle to
validate the user against the OS. Note that the OS account should be
kept very secure.
Received on Fri Nov 15 1996 - 00:00:00 CST
