Received: (qmail 6997 invoked from network); 16 May 2011 08:57:51 -0500 Received: from freelists-180.iquest.net (HELO turing.freelists.org) (206.53.239.180) by static-ip-85-25-126-90.inaddr.intergenia.de with SMTP; 16 May 2011 08:57:41 -0500 Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 1FB40E143CA; Mon, 16 May 2011 09:56:41 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=freelists.org; s=turing; t=1305554201; bh=aB7+S3fkcsCFtsZkSmizjGVwwSKkrc7XA6PoPeZj iY8=; h=In-Reply-To:References:To:Cc:MIME-Version:Subject: Message-ID:From:Date:Content-Type:Sender:Reply-To:List-help: List-unsubscribe:List-Id:List-subscribe:List-owner:List-post: List-archive; b=fD0qr3YrnIReI7RT8KC6LQv4I50Xy5rokQibrVkzomrcvNNlau XEcKuh4eP8WDFuTXUvSIBvVPppFO7GgW1mpbe0Pr1xKyozvOZoISEhWpd3tCof4fZVL HLe9HbkvU7eN2ZGxzT5TwrwIPgZR68NSwDvhEUt3xRfF/3d3D3rk/c= X-Virus-Scanned: Debian amavisd-new at localhost.localdomain Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kaRe1iVzkrps; Mon, 16 May 2011 09:56:40 -0400 (EDT) Received: from turing.freelists.org (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 5DC2AE172BA; Mon, 16 May 2011 09:55:56 -0400 (EDT) Received: with ECARTIS (v1.0.0; list oracle-l); Mon, 16 May 2011 09:55:14 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id C9115E172BB for ; Mon, 16 May 2011 09:55:13 -0400 (EDT) Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wi+X7VC+fCFI for ; Mon, 16 May 2011 09:55:13 -0400 (EDT) Received: from mx1.ibsplc.com (mx1.ibsplc.com [202.177.44.5]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 0DC2DE17295 for ; Mon, 16 May 2011 09:54:26 -0400 (EDT) X-IronPort-AV: E=Sophos;i="4.64,374,1301855400"; d="scan'208";a="24835150" Received: from unknown (HELO Mail2.ibsplc.com) ([192.168.0.9]) by mx2.ibsplc.com with ESMTP; 16 May 2011 19:24:00 +0530 In-Reply-To: References: X-Disclaimed: 1598 To: Niall Litchfield Cc: oracle-l@freelists.org MIME-Version: 1.0 Subject: Re: Encrypt sensitive passwords in shell script - Which one do you prefer ? X-KeepSent: BD8A1489:EE927825-65257892:004C3B65; type=4; name=$KeepSent Message-ID: From: Sreejith S Nair Date: Mon, 16 May 2011 19:23:57 +0530 X-MIMETrack: Serialize by Router on Mail2/IBS(Release 8.5.1FP1|January 05, 2010) at 05/16/2011 07:24:01 PM, Serialize complete at 05/16/2011 07:24:01 PM Content-Type: multipart/alternative; boundary="=_alternative 004C5AC965257892_=" X-archive-position: 36298 X-ecartis-version: Ecartis v1.0.0 Sender: oracle-l-bounce@freelists.org Errors-to: oracle-l-bounce@freelists.org X-original-sender: Sreejith.Sreekantan@ibsplc.com Precedence: normal Reply-To: Sreejith.Sreekantan@ibsplc.com List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: oracle-l X-List-ID: oracle-l List-subscribe: List-owner: List-post: List-archive: X-list: oracle-l --=_alternative 004C5AC965257892_= Content-Type: text/plain; charset="US-ASCII" Yes, The scripts are supposed to run as same oracle user every time.Is there any free option available ? -- Sreejith S Nair Associate Systems Architect | AOS DBA Team From: Niall Litchfield To: Sreejith.Sreekantan@ibsplc.com Cc: oracle-l@freelists.org Date: 05/16/2011 07:11 PM Subject: Re: Encrypt sensitive passwords in shell script - Which one do you prefer ? Are these scripts supposed to run as the same oracle user every time? i.e is USER/XXXX unique for each database for each developer? If so then oracle wallets (ht Jared for the suggestion) would seem to meet your requirement admirably. On Mon, May 16, 2011 at 2:30 PM, Sreejith S Nair < Sreejith.Sreekantan@ibsplc.com> wrote: Hi List, I am looking for various options to encrypt a sensitive password in a unix shell script. After a bit of googling, I learned about 'shc'. Can you please advice on what things you use for this purpose, if any ? My requirement / idea is A .sql file will have to be executed by a shell script in SQLPLUS as USER/XXXX . The .sql file will be prepared by developer and will be put to a directory to which their osuser - say 'user1' will have write access. I will have 'oracle' user in the server , who is the DBA user. I want them to run this SQL like, runthis.sh test.sql where runthis.sh is owned by oracle user and will reside in some directory owned by DBA user. I am planning to configure schema password (USER/XXXX) in runthis.sh , which a developer is not supposed to know. But if I give execute permission for 'user1' to runthis.sh, it becomes readable and all can read the password. Is there anyway , I can store encrypted password in SQLPLUS connect string in this file / encrypt shell script as such ? Thanks in Advance. With Regards, Sreejith -- Sreejith S Nair Associate Systems Architect | AOS DBA Team DISCLAIMER: "The information in this e-mail and any attachment is intended only for the person to whom it is addressed and may contain confidential and/or privileged material. If you have received this e-mail in error, kindly contact the sender and destroy all copies of the original communication. IBS makes no warranty, express or implied, nor guarantees the accuracy, adequacy or completeness of the information contained in this email or any attachment and is not liable for any errors, defects, omissions, viruses or for resultant loss or damage, if any, direct or indirect." -- Niall Litchfield Oracle DBA http://www.orawin.info DISCLAIMER: "The information in this e-mail and any attachment is intended only for the person to whom it is addressed and may contain confidential and/or privileged material. If you have received this e-mail in error, kindly contact the sender and destroy all copies of the original communication. IBS makes no warranty, express or implied, nor guarantees the accuracy, adequacy or completeness of the information contained in this email or any attachment and is not liable for any errors, defects, omissions, viruses or for resultant loss or damage, if any, direct or indirect." --=_alternative 004C5AC965257892_= Content-Type: text/html; charset="US-ASCII" Yes, The scripts are supposed to run as same oracle user every time.Is there any free option available ?

--
Sreejith S Nair
Associate Systems Architect | AOS DBA Team
 

 



From:        Niall Litchfield <niall.litchfield@gmail.com>
To:        Sreejith.Sreekantan@ibsplc.com
Cc:        oracle-l@freelists.org
Date:        05/16/2011 07:11 PM
Subject:        Re: Encrypt sensitive passwords in shell script - Which one do you prefer ?




Are these scripts supposed to run as the same oracle user every time? i.e is USER/XXXX unique for each database for each developer? If so then oracle wallets (ht Jared for the suggestion) would seem to meet your requirement admirably. 
On Mon, May 16, 2011 at 2:30 PM, Sreejith S Nair <Sreejith.Sreekantan@ibsplc.com> wrote:
Hi List,

I am looking for various options to encrypt a sensitive password in a unix shell script. After a bit of googling, I learned about 'shc'.
Can you please advice on what things you use for this purpose, if any ?

My requirement / idea is

A .sql file will have to be executed by a shell script in SQLPLUS as USER/XXXX . The .sql file will be prepared by developer and will be put to a directory to which their osuser - say 'user1' will have write access. I will have 'oracle' user in the server , who is the DBA user. I want them to run this SQL like, runthis.sh test.sql where runthis.sh is owned by oracle user and will reside in some directory owned by DBA user. I am planning to configure schema password (USER/XXXX) in  runthis.sh , which a developer is not supposed to know.
But if I give execute permission for 'user1' to runthis.sh, it becomes readable and all can read the password. Is there anyway , I can store encrypted password in SQLPLUS connect string in this file / encrypt shell script as such ?

Thanks in Advance.

 
With Regards,
Sreejith
 
--
Sreejith S Nair
Associate Systems Architect | AOS DBA Team
 





DISCLAIMER:

"The information in this e-mail and any attachment is intended only for the person to whom it is addressed and may contain confidential and/or privileged material. If you have received this e-mail in error, kindly contact the sender and destroy all copies of the original communication. IBS makes no warranty, express or implied, nor guarantees the accuracy, adequacy or completeness of the information contained in this email or any attachment and is not liable for any errors, defects, omissions, viruses or for resultant loss or damage, if any, direct or indirect."




--
Niall Litchfield
Oracle DBA
http://www.orawin.info






DISCLAIMER:

"The information in this e-mail and any attachment is intended only for the person to whom it is addressed and may contain confidential and/or privileged material. If you have received this e-mail in error, kindly contact the sender and destroy all copies of the original communication. IBS makes no warranty, express or implied, nor guarantees the accuracy, adequacy or completeness of the information contained in this email or any attachment and is not liable for any errors, defects, omissions, viruses or for resultant loss or damage, if any, direct or indirect."

--=_alternative 004C5AC965257892_=-- -- http://www.freelists.org/webpage/oracle-l