Hi Niall,I think that the "secure external password store feature", which is what I alluded to, is free to use based on this paragraph in the 11g Licensing Information guide, page 1-9 (my underscoring):
*Oracle Wallet* An Oracle Wallet is a PKCS#12 container used to store authentication and encryption keys. _The database secure external password store feature stores passwords in an Oracle Wallet for authentication to the Oracle database._ Oracle Advanced Security uses the Oracle Wallet to store credentials for PKI authentication to the Oracle database, network encryption, and transparent data encryption. Oracle Wallet Manager is an application that wallet owners can use to manage and edit Oracle wallets. _Oracle Wallets can be deployed on clients, middle tiers, and database servers free of charge._ However, the following features that use an Oracle Wallet in turn require licensing of the Oracle Advanced Security Option: PKI credentials for authentication to Oracle Database, network encryption (SSL/TLS) to the Oracle database from middle tiers and database clients, and transparent data encryption master keys. Oracle Advanced Security option is not required when configuring wallets to secure communication between the Oracle database and Oracle Internet Directory as part of the enterprise user security feature of Oracle DatabaseOf course I may misinterpret this piece of legalistic prose. English never was my forte... :)
Cheers, Tony Niall Litchfield wrote:
HiI'm pretty sure that Oracle Wallet requires the advanced security option to be licensed. So a great solution if its already there, but somewhat overkill compared to parsing a protected text file if it isn't. I wonder these days how big the security risk of storing passwords in scripts is (not the convenience of only storing them once). Time was when we had real users logging onto the db server able to read scripts and sniff command lines. Those days pretty much died with client server though.(p.s my phone adaptive auto correct changed "command lin" to "named pipes" as I was typing . I should get out more)On 2 Feb 2011 05:42, "De DBA" <dedba@xxxxxxxxxx <mailto:dedba@xxxxxxxxxx>> wrote:Have you considered using Oracle Wallets? It takes a bit of effort to setup, but is quite resilient. We have used it for years to great satisfaction. You store just the credential's db_connect_string in a plain-text configuration file, which the script then picks up and uses to connect.see e.g.: http://askdba.org/weblog/2009/09/using-oracle-wallet-to-execute-shell-scriptcron-without-hard-coded-oracle-database-password/There used to be an Oracle Whitepaper as well which showed how to set this up with the sys account, but I cannot find it any more on the Oracle website. The actual topic of the whitepaper was "Using Oracle Recovery Manager (RMAN) with Database Vault", published in 2006. Basically you just create a credential as demonstrated in the link above and pass the connect string with "as sysdba" as per usual.Hth, Tony A Joshi wrote: > > hi> I have a script which is to be executed on many databases and different da...