You can avoid using Sys for expdp and impdp to keep from embedding a password
in the script by creating a DB User with sufficient privs to do Full jobs and
making it OS Authenticated. The OS User's password is then managed separately
and you can run all your impdp and expdp as that user.
Then your OS script just does this:
expdp / parfile=<YourParFile>
I know I'll get chastised for this, but we simply created a DB Account named
Oracle that's a copy of System. Our cron jobs run as the OS account oracle on
the DB server, authentication is simply / and away we go. We do change the
oracle OS account PW on a regular basis, so we feel very secure doing it this
way.
We're totally on 11gR2 but understand that OS Authentication goes away with 12c
and the Container DB model. DANG!
----
Jack C. Applewhite - Database Administrator
Austin I.S.D. - MIS Department
512.414.9250 (wk)
________________________________________
From: oracle-l-bounce@xxxxxxxxxxxxx <oracle-l-bounce@xxxxxxxxxxxxx> on behalf
of Howard Latham <howard.latham@xxxxxxxxx>
Sent: Friday, November 13, 2015 9:41 AM
To: Sweetser, Joe
Cc: ORACLE-L
Subject: Re: expdp as sys
thanks I read that before - not really convincing. Dp may leave a
table in the sys schema and the password is discover-able. - not good
practice but not a disaster!.
On 13 November 2015 at 15:38, Sweetser, Joe <JSweetser@xxxxxxxx> wrote:
This thread has some of the reasoning behind it, I think.
https://community.oracle.com/thread/2272386?tstart=0
-joe
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On
Behalf Of Howard Latham
Sent: Friday, November 13, 2015 8:24 AM
To: ORACLE-L <oracle-l@xxxxxxxxxxxxx>
Subject: expdp as sys
Oracle 11.2.04
REDHAT 5
Anyone know if an expdp as sys user is useless in someway why do oracle
advise against it?
--
Howard A. Latham
--
//www.freelists.org/webpage/oracle-l