Re: hide sqlplus pwd

  • From: Jared Still <jkstill@xxxxxxxxx>
  • To: Eugene Pipko <eugene.pipko@xxxxxxxxxxxx>
  • Date: Sat, 31 Oct 2009 23:46:43 -0700

On Sat, Oct 31, 2009 at 2:52 PM, Eugene Pipko <eugene.pipko@xxxxxxxxxxxx>wrote:

>  @Jared
> Some users have access to the scheduler and can see the password pretty
> easy. The user under which tasks are being executed is quite powerful.
> I am trying to avoid potential recovery some day.
> What I am trying to do is to be able to run our scheduled tasks by running
> something like:
> Sqlplusw.exe / @c:\jobs\task1.sql;
> Perhaps every script that I run will contain a wrapped procedure that would
> contain user/pwd and database info.

Use of the wallet is one way, though I have not used that personally, so
offer any experiences with that.

Another method is to retrieve the password from a password manager, and then
perform the connect inside the SQL script.

I use PDBA:PWD, but there are also commercial password managers
that have a command line interface for use in scripts. Password Manager
Pro for instance has this ability.

Here's an example from a CMD file:

set USERNAME=%2%
@set DATABASE=%1%

@echo off
@for /F %%I in ('d:\perl\bin\ -username %USERNAME% -instance
%DATABASE%') do (
@set NBUPWD=%%I
@echo on

The password NBUPWD can then be used inside a script to connect.

David Fitzjarrel has already responded with the sqlplus bit, I was just
giving an example of how to get the password.

All of my linux scripts work this way, though I have to confess I haven't
made that change in this particular CMD script for Windows.

Guess that will change now that I've had to take another look at it.  :)

Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist
Oracle Blog:
Home Page:

Other related posts: