Re: Q: embedding userid/password in scripts?
Date: 1996/11/14
Message-ID: <328BAC1A.7849_at_deere.com>#1/1
John P DeVoy wrote:
>
> I'm new to UNIX, and I want to develop some cron scripts that I
> can have log into the database and do some chores for me. I can
> do that trick just fine, but I'm not certain I'm handling the
> account name and password in the most secure manner possible.
>
> If you've done similar stuff in your shop, can you share with us
> how you handle the account name and password, together with any
> security issues. Thanks!!
> --
> ----------------------------------------------------------------
> John P De Voy "When amatuers dabble in databases ()
> DBA, NeXT Software Inc. people get hurt!" /\
I like to use a unix shell 'here document' so the shell preprocesses
the script. It might look like:
#!/bin/ksh
export ORACLE_HOME=___________
export ORACLE_SID=____
export PATH=$ORACLE_HOME/bin:$PATH
sqlplus -silent <<EOF
$(cat /_______/.userpwd)
set pagesize 0
set linesize 200
set heading off
set underline off
set scan off
set feedback off
set pause off
select * from sys.dual;
exit
EOF
The <<EOF makes all the lines that follow into stdin for the job up
until a line that starts with EOF. The shell processes the lines first,
so the $cat( ) reads the protected file and substitutes the user name
and password into the 'here document'. Note that this keeps the password
off the command line where it is visible to the world via the ps
command!
-- John P. Higgins Voice: (309)765-4481 Deere & Company Fax: (309)765-5168 John Deere Road Internet: jh33378_at_deere.com Moline, IL 61265 Opinions: My OwnReceived on Thu Nov 14 1996 - 00:00:00 CET