Re: Encrypt sensitive passwords in shell script - Which one do you prefer ?
- From: Niall Litchfield <niall.litchfield@xxxxxxxxx>
- To: "D'Hooge Freek" <Freek.DHooge@xxxxxxxxx>
- Date: Mon, 16 May 2011 15:51:50 +0100
That's my understanding as well - hence my question to the OP.
Sreejith - see
http://www.oracle-base.com/articles/10g/SecureExternalPasswordStore_10gR2.php
for
a how to.
On Mon, May 16, 2011 at 3:38 PM, D'Hooge Freek <Freek.DHooge@xxxxxxxxx>wrote:
> Pete,
> X-archive-position: 36300
> X-ecartis-version: Ecartis v1.0.0
> Sender: oracle-l-bounce@xxxxxxxxxxxxx
> Errors-to: oracle-l-bounce@xxxxxxxxxxxxx
> X-original-sender: Freek.DHooge@xxxxxxxxx
> Precedence: normal
> Reply-To: Freek.DHooge@xxxxxxxxx
> List-help: <mailto:ecartis@xxxxxxxxxxxxx?Subject=help>
> List-unsubscribe: <oracle-l-request@xxxxxxxxxxxxx?Subject=unsubscribe>
> List-software: Ecartis version 1.0.0
> List-Id: oracle-l <oracle-l.freelists.org>
> X-List-ID: oracle-l <oracle-l.freelists.org>
> List-subscribe: <oracle-l-request@xxxxxxxxxxxxx?Subject=subscribe>
> List-owner: <mailto:steve.adams@xxxxxxxxxxxx>
> List-post: <mailto:oracle-l@xxxxxxxxxxxxx>
> List-archive: <//www.freelists.org/archives/oracle-l>
> X-list: oracle-l
>
> Am I correct in thinking that the Oracle Wallet solution can be used
> without needing advanced security as long as the authentication is password
> based?
>
> Following links seem to suggest so, but I'm not certain:
>
>
> http://download.oracle.com/docs/cd/B19306_01/license.102/b14199/editions.htm#sthref32
>
> http://download.oracle.com/docs/cd/B19306_01/license.102/b14199/options.htm#sthref40
>
>
> Kind regards,
>
> Freek D'Hooge
> Uptime
> Oracle Database Administrator
> email: freek.dhooge@xxxxxxxxx
> tel +32(0)3 451 23 82
> http://www.uptime.be
> disclaimer: www.uptime.be/disclaimer
> -----Original Message-----
> From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
> On Behalf Of Pete Finnigan
> Sent: maandag 16 mei 2011 15:48
> To: Sreejith.Sreekantan@xxxxxxxxxx
> Cc: oracle-l@xxxxxxxxxxxxx
> Subject: Re: Encrypt sensitive passwords in shell script - Which one do you
> prefer ?
>
> Have a look at Oracle secure external password store -
>
> http://www.oracle-base.com/articles/10g/SecureExternalPasswordStore_10gR2.php
> or if you want a free solution look at OPR - http://opr.sourceforge.net
>
> cheers
>
> Pete
>
> Sreejith S Nair wrote:
> > Hi List,
> >
> > I am looking for various options to encrypt a sensitive password in a
> > unix shell script. After a bit of googling, I learned about 'shc'.
> > Can you please advice on what things you use for this purpose, if any ?
> >
> > My requirement / idea is
> >
> > A .sql file will have to be executed by a shell script in SQLPLUS as
> > USER/XXXX . The .sql file will be prepared by developer and will be put
> > to a directory to which their osuser - say 'user1' will have write
> > access. I will have 'oracle' user in the server , who is the DBA user. I
> > want them to run this SQL like, *runthis.sh test.sql *where runthis.sh
> > is owned by oracle user and will reside in some directory owned by DBA
> > user. I am planning to configure schema password (USER/XXXX) in
> > runthis.sh , which a developer is not supposed to know.
> > But if I give execute permission for 'user1' to runthis.sh, it becomes
> > readable and all can read the password. Is there anyway , I can store
> > encrypted password in SQLPLUS connect string in this file / encrypt
> > shell script as such ?
> >
> > Thanks in Advance.
> >
> >
> > With Regards,
> > Sreejith
> >
> > --
> > Sreejith S Nair
> > Associate Systems Architect | AOS DBA Team
> >
> >
> >
> >
> >
> >
> >
> > DISCLAIMER:
> >
> > "The information in this e-mail and any attachment is intended only for
> > the person to whom it is addressed and may contain confidential and/or
> > privileged material. If you have received this e-mail in error, kindly
> > contact the sender and destroy all copies of the original communication.
> > IBS makes no warranty, express or implied, nor guarantees the accuracy,
> > adequacy or completeness of the information contained in this email or
> > any attachment and is not liable for any errors, defects, omissions,
> > viruses or for resultant loss or damage, if any, direct or indirect."
> >
> >
> >
> >
>
> --
>
> Pete Finnigan
> Director
> PeteFinnigan.com Limited
>
> Specialists in database security.
>
> Makers of PFCLScan the database security auditing tool.
>
> If you need help to audit or secure an Oracle database, please ask for
> details of our training courses and consulting services
>
> Phone: +44 (0)1904 791188
> Fax : +44 (0)1904 791188
> Mob : +44 (0)7742 114223
> email: pete@xxxxxxxxxxxxxxxx
> site : http://www.petefinnigan.com
>
> Registered Office: 9 Beech Grove, Acomb, York, YO26 5LD, United Kingdom
> Company No : 4664901
> VAT No. : 940668114
>
> Please note that this email communication is intended only for the
> addressee and may contain confidential or privileged information. The
> contents of this email may be circulated internally within your
> organisation only and may not be communicated to third parties without
> the prior written permission of PeteFinnigan.com Limited. This email is
> not intended nor should it be taken to create any legal relations,
> contractual or otherwise.
>
> --
> //www.freelists.org/webpage/oracle-l
>
>
> --
> //www.freelists.org/webpage/oracle-l
>
>
>
--
Niall Litchfield
Oracle DBA
http://www.orawin.info
Other related posts:
