Unix security for sqlldr jobs
DBAsupport.com Forums - Powered by vBulletin
Results 1 to 4 of 4

Thread: Unix security for sqlldr jobs

  1. #1
    Join Date
    Apr 2001
    Location
    Brisbane, Queensland, Australia
    Posts
    1,203
    Solaris 7
    Oracle 8.1.7.1.0b

    sqlldr.

    Every day I load a very large number of text files using sqlldr. My probelmat the moment is security.

    When I connect to oracle for batch jobs outside sqlldr, I use the following.

    In my unix script.sh

    USER="user"
    PASS="pass"
    COM2="connect $USER/$PASS"
    COM3="sqlplus /nologon"

    $COM3 < $COM2

    select * from dual;
    ESQL

    Then in UNIX if I do a

    /usr/ptree/bin/proc

    I can find the process and I CAN'T see the password. This is good.

    Sqlldr on the other hand

    USER="user"
    PASS="pass"

    COM="sqlldr $USER/$PASS"


    $COM $CONTROL/data.ctl DATA=data.txt DIRECT=TRUE

    I can't use the /nologon. And when I do a /usr/ptree/bin/proc I can see the user/pass, which to me is very disturbing. Any ideas what I can do?

    Cheers,
    OCP 8i, 9i DBA
    Brisbane Australia

  2. #2
    Join Date
    Mar 2001
    Posts
    314
    How about using a parameter file containing the userid

    -amar

  3. #3
    Join Date
    Oct 2001
    Posts
    83
    Hello,

    What abour using an oracle user identified by you OS...

    and so, you will have :
    COM="sqlldr /"
    $COM $CONTROL/data.ctl DATA=data.txt DIRECT=TRUE

    Hope this helps

    Regards




  4. #4
    Join Date
    Jun 2000
    Location
    Madrid, Spain
    Posts
    7,447
    Originally posted by amar
    How about using a parameter file containing the userid

    -amar
    I have tried this, it works if the userid/password@tns is static, when I was doing this it was dynamic so using shell variables wasnt possible (at least no on Tru64), try pass the password from a file to sql loader, I think it hides the password

    Somthing like
    Code:
    echo ${DESPWD} > /tmp/zeratul
    sqlldr userid=${DESUSER}@${DESTNS} parfile=${SQLLDRCTLDIR}/sqlldr_${PATRON2}.par < /tmp/zeratul > ${SQLLDRLOGDIR}/sqlldr_${PATRON1}.log 2>> ${SQLLDRLOGDIR}/sqlldr_${PATRON1}.log

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Click Here to Expand Forum to Full Width