Hiding passwords in a script
DBAsupport.com Forums - Powered by vBulletin
Results 1 to 5 of 5

Thread: Hiding passwords in a script

  1. #1
    Join Date
    Oct 2006
    Posts
    11

    Hiding passwords in a script

    Hi,
    I would like to create some scripts on Windows OS that will not divulge critical passwords. I have a script that is a bat file that connects to the Oracle database as SYS to pull out some info. I would like to write this is such a way that the SYS password is not shown within the script (sqlplus "sys/pwd" @C:\some.sql). Any ideas?

  2. #2
    Join Date
    Nov 2000
    Location
    greenwich.ct.us
    Posts
    9,092
    sure, don't use sys.
    Jeff Hunter
    marist89@yahoo.com
    http://marist89.blogspot.com/
    Get Firefox!
    "I pledge to stop eating sharks fin soup and will not do so under any circumstances."

  3. #3
    Join Date
    Nov 2004
    Location
    Mumbai, India
    Posts
    452
    There are two ways to do it.

    1) Login as a user which have ORADBA privilege and connect to the database using / as sysdba

    2) I you are not querying the fixed tables (X$ tables) then create a user grant him only the read privileges on the tables you want to query (ex: select_catalog_role) and use it for your purpose.
    There are three kinds of lies: Lies, damned lies, and benchmarks...

    Unix is user friendly. It's just very particular about who it's friends are.

    Oracle DBA

  4. #4
    Join Date
    Nov 2006
    Location
    Sofia
    Posts
    630
    As long as you use sys, I agree just use connect / as sysdba
    For any other user, and if you use 10g Release 2, you can create an Oracle wallet and store the username/password there. I am just too lazy to search the documentation for details about this feature. Just look at the 10g release 2 new features book if interested

    Cheers

  5. #5
    Join Date
    Oct 2000
    Location
    Saskatoon, SK, Canada
    Posts
    3,925
    1. I would agree with marist89. Simple rule of thumb, don't use sys or system. accounts in your scripts. So how do you get around?

    a. Create an access account
    b. Grant a very limited default privs.
    c. Have an application account where you store all your objects
    d. grant the execute privs to the access user to execute the objects under application account.
    e. create fingrain access to the objects based on the server and user.

    Hence you have reduced the imapct on your system. Oracle Wallet is a good option. But first check for your license compliances befoe using it. Oracle's business strategy is like carrot and money. You use you pay!
    Thanx
    Sam



    Life is a journey, not a destination!


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width