Re: Hide SqlPlus username/password in UNIX Script

From: Tim X <timx_at_spamto.devnul.com>
Date: 24 Apr 2003 15:22:38 +1000
Message-ID: <87he8osc4h.fsf_at_tiger.rapttech.com.au>


>>>>> "Gil" == gilgantic <gilgantic_at_yahoo.com> writes:

 Gil> I want to hide the username and password when I run SqlPlus on
 Gil> in a UNIX script. How do I do this?

 Gil> My original solution was to I execute the script under a super
 Gil> user (root user), which has no password, but the

 Gil> Example of what I have so far ... echo "execute sample;" |
 Gil> $ORACLE_HOME/bin/sqlplus scott/tiger

 Gil> Step 1: I login to UNIX using scott/tiger for username/password
 Gil> Step 2: I change to the Super User (ie. su superuser), which has
 Gil> no password
 Gil> Step 3: Run the script with following line ...
 Gil> echo "execute sample;" | $ORACLE_HOME/bin/sqlplus superuser/
 Gil> I tried changing the username/password to the superuser.

 Gil> Of course, this failed. My reason for Step 3, was since
 Gil> superuser had no password associated with it, it would
 Gil> automatically login.

 Gil> Thanks! Gil

Just a couple of comments

  1. I hope I misunderstand your statement that the superuser has no password! If this is the case, the problem of your username/password being seen is irrelevant compared to the HUGE security hole of having a superuser without a password.
  2. If what you are really worried about is using the password on the command line, which means it is visible to anyone on the server who can run the ps command, then you might be interested in using a HERE document. This is a shell scripting technique where you use redirection so that a command takes its input from lines within the script itself. Using this technique means the password is not passed as a command line argument and therefore is not visible to the ps command. You can then use file permission settings (read permission) to restrict who can read the file and see the password in the script. Any decent book on unix scripting will cover here documents. Essentially you have the following structure

command <<EOF
line
line
line
EOF

Where everything from the first EOF is sent to the command, line at a time and executed as if it had been entered via standard input.

Tim

-- 
Tim Cross
The e-mail address on this message is FALSE (obviously!). My real e-mail is
to a company in Australia called rapttech and my login is tcross - if you 
really need to send mail, you should be able to work it out!
Received on Thu Apr 24 2003 - 07:22:38 CEST
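
Added example, not part of the original message: the here-document technique described in point 2, combined with the read-permission restriction it mentions. The function names, the separate credential file, the `sqlplus -s /nolog` plus `connect` invocation and the stand-in client in `demo` are assumptions made for illustration; the sample password is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): credentials reach the client on
# stdin through a here document, never as a command-line argument.

# Succeed only if FILE exists and grants nothing to group or other.
check_cred_file() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # the group and other permission bits
    [ "$perms" = "------" ]
}

# run_sql USER CRED_FILE SQL [CLIENT ARGS...]
# CLIENT defaults to sqlplus started with /nolog, so no login is on its argv.
run_sql() {
    user=$1; cred_file=$2; sql=$3; shift 3
    [ $# -gt 0 ] || set -- "${ORACLE_HOME}/bin/sqlplus" -s /nolog
    if ! check_cred_file "$cred_file"; then
        echo "refusing: $cred_file is missing or group/world accessible" >&2
        return 2
    fi
    # read is a shell builtin, so the password never lands in any process's argv
    IFS= read -r pass < "$cred_file" || [ -n "$pass" ] || return 3
    "$@" <<EOF
connect ${user}/${pass}
${sql}
exit
EOF
}

# Constructed demo: a stand-in client prints its argument list, then its stdin.
demo() {
    dir=$(mktemp -d) || return 1
    ( umask 077; printf '%s\n' 'tiger' > "$dir/cred" )   # sample password
    run_sql scott "$dir/cred" 'execute sample;' \
        sh -c 'echo "argv: $*"; cat' client -s /nolog
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo
```

The demo's first output line is the stand-in client's argument list, which contains only `-s /nolog`; the `connect` line with the password appears only in the stdin that follows.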
