Re: username/pass --> security issue

On Fri, 17 Feb 2006 11:06:53 -0800, epipko wrote:

> Hi all,
> We created a user in Oracle 9i and use it to run nightly processing via
> scheduler (3rd party) by executing .bat files (windows 2003).
> Works fine, but there is one little thing: the user/pass is visible in
> the string.
> Here is the example:
> .bat
> -----------------
> sqlplusw.EXE USER/PASS_at_DB @c:\jobs\job1.sql
> -----------------
>
> What do I need to do to hide the password?
>
> Thanks,
> Eugene

Depends on WHERE you are executing the batch job.

Look at the following use of *external authorization*. It's on Linux, but should be valid in Windows as well. Basically:

1. create a user in the OS, with the appropriate permissions (testit);
2. create a user in Oracle with the appropriate permissions (ops$testit);
3. log on using external authentication (sqlplus / @C:\jobs...)

pop2_at_fuzzy:~> sqlplus / as sysdba

SQL*Plus: Release 10.2.0.1.0 - Beta on Fri Feb 17 13:32:58 2006

Copyright (c) 1982, 2005, Oracle. All rights reserved.

Connected to:
Oracle Database 10g Express Edition Release 10.2.0.1.0 - Beta

SQL> create user ops$testit identified externally;

User created.

SQL> grant create session to ops$testit;

Grant succeeded.

SQL> exit
Disconnected from Oracle Database 10g Express Edition Release 10.2.0.1.0 - Beta pop2_at_fuzzy:~> su - testit
Password:
testit_at_fuzzy:~> . oraenv
testit_at_fuzzy:~> sqlplus /

SQL*Plus: Release 10.2.0.1.0 - Beta on Fri Feb 17 13:34:01 2006

Copyright (c) 1982, 2005, Oracle. All rights reserved.

Connected to:
Oracle Database 10g Express Edition Release 10.2.0.1.0 - Beta

SQL> select * from dual;

DUM

---
X

SQL> exit
Disconnected from Oracle Database 10g Express Edition Release 10.2.0.1.0 - Beta
testit_at_fuzzy:~>




-- 
Hans Forbrich                           
Canada-wide Oracle training and consulting
mailto: Fuzzy.GreyBeard_at_gmail.com   
*** Top posting [replies] guarantees I won't respond. ***