Hiding passwords in a script
I would like to create some scripts on Windows OS that will not divulge critical passwords. I have a script that is a bat file that connects to the Oracle database as SYS to pull out some info. I would like to write this is such a way that the SYS password is not shown within the script (sqlplus "sys/pwd" @C:\some.sql). Any ideas?
There are two ways to do it.
1) Login as a user which have ORADBA privilege and connect to the database using / as sysdba
2) I you are not querying the fixed tables (X$ tables) then create a user grant him only the read privileges on the tables you want to query (ex: select_catalog_role) and use it for your purpose.
There are three kinds of lies: Lies, damned lies, and benchmarks...
Unix is user friendly. It's just very particular about who it's friends are.
As long as you use sys, I agree just use connect / as sysdba
For any other user, and if you use 10g Release 2, you can create an Oracle wallet and store the username/password there. I am just too lazy to search the documentation for details about this feature. Just look at the 10g release 2 new features book if interested
1. I would agree with marist89. Simple rule of thumb, don't use sys or system. accounts in your scripts. So how do you get around?
a. Create an access account
b. Grant a very limited default privs.
c. Have an application account where you store all your objects
d. grant the execute privs to the access user to execute the objects under application account.
e. create fingrain access to the objects based on the server and user.
Hence you have reduced the imapct on your system. Oracle Wallet is a good option. But first check for your license compliances befoe using it. Oracle's business strategy is like carrot and money. You use you pay!
Life is a journey, not a destination!
Click Here to Expand Forum to Full Width