Re: hide sqlplus pwd

On Sat, Oct 31, 2009 at 2:52 PM, Eugene Pipko <eugene.pipko@xxxxxxxxxxxx>wrote:

>  @Jared
>
> Some users have access to the scheduler and can see the password pretty
> easy. The user under which tasks are being executed is quite powerful.
>
> I am trying to avoid potential recovery some day.
>
> What I am trying to do is to be able to run our scheduled tasks by running
> something like:
>
> Sqlplusw.exe / @c:\jobs\task1.sql;
>
> Perhaps every script that I run will contain a wrapped procedure that would
> contain user/pwd and database info.
>
>
>

Use of the wallet is one way, though I have not used that personally, so
can't
offer any experiences with that.

Another method is to retrieve the password from a password manager, and then
perform the connect inside the SQL script.

I use PDBA:PWD, but there are also commercial password managers
that have a command line interface for use in scripts. Password Manager
Pro for instance has this ability.

Here's an example from a CMD file:

set USERNAME=%2%
@set DATABASE=%1%

@echo off
@for /F %%I in ('d:\perl\bin\pwc.pl -username %USERNAME% -instance
%DATABASE%') do (
@set NBUPWD=%%I
)
@echo on

The password NBUPWD can then be used inside a script to connect.

David Fitzjarrel has already responded with the sqlplus bit, I was just
giving an example of how to get the password.

All of my linux scripts work this way, though I have to confess I haven't
made that change in this particular CMD script for Windows.

Guess that will change now that I've had to take another look at it.  :)


Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist
Oracle Blog: http://jkstill.blogspot.com
Home Page: http://jaredstill.com

Other related posts: