Re: Hiding username/password from ps
Date: 1995/12/28
Message-ID: <4bur47$bon_at_inet-nntp-gw-1.us.oracle.com>#1/1
The so-called OPS$ (OS-authenticated) Oracle userids are the preferred solution assuming that you trust the authentication mechanism(s) of your OS. I recommend using "" as your prefix (rather than "OPS$") so Oracle userids are the same as OS userids. OS-authenticated userids may not be an option if you are dealing with established schemas or are using SQL*Net. In that case you are going to put the Oracle userid and password in some kind of file (readable, executable, or whatever) and rely on native OS protection mechanisms to secure the file. One simple approach to this is to place a CONNECT statement in a login.sql file and invoke SQL*Plus with /NOLOG as its first argument. Example (ksh under AIX):
$ echo "connect scott/tiger" >login.sql
$ chmod 0600 login.sql
$ sqlplus /nolog
SQL*Plus: Release 3...[snip]
Connected.
SQL>
For "batch" operation of course you would include _at_ or redirect
stdin/stdout on the command line. There is a search hierarchy
for the login.sql file, so read the SQL*Plus doc carefully
(including your platform-specific manuals) before implementing
this.
/b
-- Bill Manry - Mainframe and Integration Technologies - Oracle Corporation Standard disclaimer applies.Received on Thu Dec 28 1995 - 00:00:00 CET