Hiding password in shell Scripts requires oracle connection.

Hiding password in shell Scripts requires oracle connection.

1. User identified externally

SQL> show parameter prefix

------------------------------------ ----------- -----
os_authent_prefix string OPS$

SQL> create user ops$sandeep identified externally;
User created.

User sandeep will be able to connect as
sqlplus /

You can use the OS user to connect to Database.

2. Use Oracle wallet.

Oracle gives us the option of using a secure external password store where the Oracle login credentials are stored in a client-side Oracle wallet. This allows scripts to contain connections using the "/@db_alias" syntax.

Create a wallet and wallet entry for database connection.
Identify the wallet location
set the wallet location as TNS_ADMIN
export TNS_ADMIN=
create the sqlnet.ora file
Create the tnsnames.ora file with the wallet entries

learn about mkstore to create wallet.

3. print password | sqlplus apps

4. Put the passwords in some OS file with 700 permissions. You can have you scripts read the password from script.
cat passfile.sh

cat myshell.sh
ksh passfile.sh
sqlplus << EOF
select sysdate from dual;

Oracle Wallet is my favourite one out of these.

No comments:

Post a Comment