DBAsupport.com Forums - Powered by vBulletin
Results 1 to 5 of 5

Hybrid View

  1. #1
    Join Date
    Oct 2006

    Hiding passwords in a script

    I would like to create some scripts on Windows OS that will not divulge critical passwords. I have a script that is a bat file that connects to the Oracle database as SYS to pull out some info. I would like to write this is such a way that the SYS password is not shown within the script (sqlplus "sys/pwd" @C:\some.sql). Any ideas?

  2. #2
    Join Date
    Nov 2000
    sure, don't use sys.
    Jeff Hunter
    Get Firefox!
    "I pledge to stop eating sharks fin soup and will not do so under any circumstances."

  3. #3
    Join Date
    Nov 2004
    Mumbai, India
    There are two ways to do it.

    1) Login as a user which have ORADBA privilege and connect to the database using / as sysdba

    2) I you are not querying the fixed tables (X$ tables) then create a user grant him only the read privileges on the tables you want to query (ex: select_catalog_role) and use it for your purpose.
    There are three kinds of lies: Lies, damned lies, and benchmarks...

    Unix is user friendly. It's just very particular about who it's friends are.

    Oracle DBA

  4. #4
    Join Date
    Nov 2006
    As long as you use sys, I agree just use connect / as sysdba
    For any other user, and if you use 10g Release 2, you can create an Oracle wallet and store the username/password there. I am just too lazy to search the documentation for details about this feature. Just look at the 10g release 2 new features book if interested


  5. #5
    Join Date
    Oct 2000
    Saskatoon, SK, Canada
    1. I would agree with marist89. Simple rule of thumb, don't use sys or system. accounts in your scripts. So how do you get around?

    a. Create an access account
    b. Grant a very limited default privs.
    c. Have an application account where you store all your objects
    d. grant the execute privs to the access user to execute the objects under application account.
    e. create fingrain access to the objects based on the server and user.

    Hence you have reduced the imapct on your system. Oracle Wallet is a good option. But first check for your license compliances befoe using it. Oracle's business strategy is like carrot and money. You use you pay!

    Life is a journey, not a destination!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Click Here to Expand Forum to Full Width

We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.