
Re: SQL script without password

From: Bart Simpson <bart_at_baaaaaaaaart.com>
Date: Sat, 12 May 2001 08:41:01 +0100
Message-ID: <989649947.9154.0.nnrp-14.9e985e86@news.demon.co.uk>

"Robert Chung" <robertch_at_mindspring.com> wrote in message news:3afcbae0.213444046_at_198.99.146.10...
>
> Is there some way for SQL scripts to connect to database without
> password? We have many scripts that call sqlplus and issue SQL
> commands, and we want to avoid hard-coded passwords in the scripts.
> We do not want to use OS authentication method, because the scripts
> need to be run from remote machines and using OS authentication from
> a remote machine can open up a security hole. Thank you in advance.
>
>

You have to have a password or use external authentication.

Your scripts should really call an initialising script to include things such as password and paths etc.

E.g.

#!/bin/ksh

. ${SOMEPATH}/myinit.ksh || exit 2

A lot of people will say that it's insecure to have passwords in plain text files, but provided the file is only readable by the required user/group (and root of course), then this is secure for most purposes.

You'd also be surprised how often people issue "sqlplus user/password", which immediately sticks the password on the process table for all to see.

Much safer to write your connect string to your ".sql" file (with correct file permissions) if you can or to do something like

sqlplus << EOF
user/password
EOF

I'm not sure of the insecurities of external authentication, but it would still be securer than no passwords (had that been available).

Received on Sat May 12 2001 - 02:41:01 CDT
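
The approach described in this post, as an added example that is not part of the original message: check the init file's owner and permissions before sourcing it, then hand the connect string to sqlplus on stdin so it never appears in the process table. The file name, the DB_USER and DB_PASS variables, and the SQLPLUS_BIN override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumed names: DB_USER, DB_PASS (set by the init file)
# and SQLPLUS_BIN (override of the sqlplus binary, useful for a dry run).

# Succeed only if the credentials file is a regular file (not a symlink),
# owned by the current user, with no group-write bit and no access at all
# for "other". Group read is allowed, matching "user/group" in the post.
cred_file_ok() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    # Owner must be the user running the script.
    [ -n "$(find "$f" -prune -user "$(id -u)")" ] || return 1
    # Reject if any of these bits is set: g+w, o+r, o+w, o+x.
    bad=$(find "$f" -prune \( -perm -020 -o -perm -004 -o -perm -002 -o -perm -001 \))
    [ -z "$bad" ]
}

# Source the init file only after it passes the check above.
load_creds() {
    cred_file_ok "$1" || {
        echo "refusing $1: wrong owner or permissions too open" >&2
        return 2
    }
    . "$1"
}

# Run one SQL statement. The connect string is the first line of stdin,
# as in the here-document from the post, so argv carries no password.
run_sql() {
    "${SQLPLUS_BIN:-sqlplus}" -S <<EOF
${DB_USER}/${DB_PASS}
$1
exit
EOF
}

# Typical use inside a script (path is an assumption):
#   load_creds "${SOMEPATH}/myinit.ksh" || exit 2
#   run_sql "select sysdate from dual;"
```
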
