Re: Passwords in Scripts

  • From: fmhabash <fmhabash@xxxxxxxxx>
  • To: ian@xxxxxxxxxxxxxxxxx
  • Date: Wed, 20 Jun 2007 12:45:38 -0400

I personally developed all my DBA management tools using PERL for monitoring, backups, and OS based jobs. I save passwords in flat files encrypted 128-bit. These tools decrypt them at run time only. DBAs have their interfaces to these files using their own individual keys. You can also put them in some database of your liking and the major players have packages to en/decrypt data.


Fred Habash (OCP 8i,9i)
ACS Healthcare
Off: 248-226-8778
http://www.acs-inc.com/index.html

MacGregor, Ian A. wrote:
How are people handling the presence of database passwords in scripts on client machines? I'm talking about Perl, Java, .NET, SQL*Plus and other programs running on Solaris, Linux, and Windows clients which have an Oracle password inside the program or reference a file which has one.

I tried Oracle's password safe problem to see if would fix the problem of 
having the rman catalog password in backup scripts.  The client here is 
different as it is also another database server.  Two things happened,  the 
account under which the Oracle software was installed w could not log on to 
Oracle is a also an externally identified Oracle without a password.  This was 
due to the authentication being switched from the operating system to the 
password safe.  Not what was wanted.  The other thing that happened was that 
the Context option broke.  I could understand that if the indexes were on 
binary data where an external procedure call needs to be made;  however this 
was on character data, and it happened on two different systems.  Is it 
possible to have both OS and password authentication active simultaneously?

The RMAN connections did work. However the connect sting is simply /. If there are multiple accounts which need this ability on any one instance of Oracle, this does not seem a workable solution. What are others using as a password escrow system. Ian --
//www.freelists.org/webpage/oracle-l



--
//www.freelists.org/webpage/oracle-l


Other related posts: