RE: Alternatives to RMAN cleartext password in batch file for backups?

  • From: Michael Dinh <mdinh@xxxxxxxxx>
  • To: "cicciuxdba@xxxxxxxxx" <cicciuxdba@xxxxxxxxx>, "troach@xxxxxxxxx" <troach@xxxxxxxxx>
  • Date: Sun, 24 Apr 2011 08:59:39 -0700

Here is another one that I have used at a company before.

http://laurentschneider.com/wordpress/2006/07/oracle-password-repository.html

________________________________________
From: oracle-l-bounce@xxxxxxxxxxxxx [oracle-l-bounce@xxxxxxxxxxxxx] On Behalf 
Of Guillermo Alan Bort [cicciuxdba@xxxxxxxxx]
Sent: Sunday, April 24, 2011 8:51 AM
To: troach@xxxxxxxxx
Cc: bwmyers@xxxxxxxxx; oracle-l@xxxxxxxxxxxxx
Subject: Re: Alternatives to RMAN cleartext password in batch file for backups?

Well, you must use a decryptable encryption for this to work, but you could 
always call RMAN like this:

#!/bin/bash
CATALOG_PASSWORD=`decrypt_command encrypted_password_file`

rman target / catalog catalog_user/${CATALOG_PASSWORD}@SID script ...

Where the decrypt_command is a command that returns a cleartext password from 
the 'encrypted_password_file'. It's not the best solution as anyone with 
execute permissions on decrypt_command and/or read permissions on 
encrypted_password_file would be able to access the cleartext password. But 
then again, in several cases security guidelines are not about security, but 
about compliance.

hth
Alan.-


On Sun, Apr 24, 2011 at 12:27 AM, Thomas Roach <troach@xxxxxxxxx> wrote:
Why don't you encrypt your shell script?

http://linux.koolsolutions.com/2009/01/20/howto-encrypting-a-shell-script-on-a-linux-or-unix-based-system/

On Sat, Apr 23, 2011 at 9:05 PM, Bill Myers <bwmyers@xxxxxxxxx> wrote:
Hi all,
I have the following commands in a batch file scheduled for daily execution:

set oracle_sid=mydatadb
rman target / catalog mycatusr/mycatpwd@mycatdb script Daily_Backup >> backup.log

My organization requires the catalog password (mycatpwd) above to be encrypted 
and not stored as clear text in any other file or environment variable. How can 
I still use this batch file for scheduled backups without providing a clear 
text password?

The only option I can think of is to compile the commands into a binary 
executable. Any other ideas besides that?

Thanks in advance.
Bill



--
Thomas Roach
813-404-6066
troach@xxxxxxxxx

--
//www.freelists.org/webpage/oracle-l
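
Added example (not from any poster in this thread): a hardened variant of the decrypt-then-call wrapper quoted above. It refuses a password file that group or others can access and sends the catalog connect string to RMAN on stdin instead of the command line, so the decrypted password does not appear in the process list. decrypt_command and encrypted_password_file are the thread's placeholders; RMAN_BIN, DECRYPT_CMD and the function names are assumptions of this sketch, and the stdin commands stand in for the `catalog ...` and `script ...` arguments.

```shell
#!/bin/bash
# Added example, not code from the thread. decrypt_command is the thread's
# placeholder; RMAN_BIN, DECRYPT_CMD and the function names are assumptions.

RMAN_BIN=${RMAN_BIN:-rman}
DECRYPT_CMD=${DECRYPT_CMD:-decrypt_command}

# Succeeds only if group and others have no permission bits on the file.
check_private() {
    perms=$(ls -ld -- "$1" | cut -c5-10) || return 1
    [ "$perms" = "------" ]
}

# Usage: run_backup encrypted_password_file catalog_user catalog_db script_name
run_backup() {
    pwfile=$1 cat_user=$2 cat_db=$3 script=$4
    check_private "$pwfile" || {
        echo "refusing: $pwfile is accessible to group or others" >&2
        return 2
    }
    # Subshell with tracing off, so the secret never reaches 'bash -x' output
    # and the variable holding it does not outlive this function call.
    (
        set +x
        pw=$("$DECRYPT_CMD" "$pwfile") || exit 3
        [ -n "$pw" ] || exit 3
        # printf is a shell builtin: the password goes down the pipe to
        # RMAN's stdin and is never part of any process's argument list.
        printf 'connect catalog %s/%s@%s\nrun { execute script %s; }\nexit\n' \
            "$cat_user" "$pw" "$cat_db" "$script" | "$RMAN_BIN" target /
    )
}
```

Anyone who can run decrypt_command against the file can still recover the password, as noted in the thread; this only removes the command-line and trace exposure.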

