Hide SqlPlus username/password in UNIX Script

[gilgantic]

I want to hide the username and password when I run SqlPlus on in a UNIX script.
How do I do this?

My original solution was to
I execute the script under a super user (root user), which has
no password, but the

Example of what I have so far ...
echo "execute sample;" | $ORACLE_HOME/bin/sqlplus scott/tiger

Step 1: I login to UNIX using scott/tiger for username/password
Step 2: I change to the Super User (ie. su superuser), which has no password
Step 3: Run the script with following line ...
echo "execute sample;" | $ORACLE_HOME/bin/sqlplus superuser/
I tried changing the username/password to the superuser.

Of course, this failed. My reason for Step 3, was since superuser had no
password associated with it, it would automatically login.

Thanks!
Gil

[Steve]

Assuming you're just trying to hide the username/password from people using
the "ps" command, you could do something like:

$ORACLE_HOME/bin/sqlplus /nolog <<EOF
connect scott/tiger
<execute SQL>
exit
EOF

If you don't want hard-coded passwords in your scripts, you can substitute a
connect string for OS authentication.

Steve

"gilgantic" <gilg...@yahoo.com> wrote in message
news:d6052717.03042...@posting.google.com...

[J Alex]

"gilgantic" <gilg...@yahoo.com> wrote

Look at the 'operating system authentication' feature. This will let you use
'sqplus /' as your login in the Unix script.

[Karsten Farrell]

gilg...@yahoo.com said...

There are 3 solutions (many others exist) here:

http://www.orafaq.com/faqunix.htm/#HIDEPSW
--
/Karsten
DBA > retired > DBA

[Tim X]

>>>>> "Gil" == gilgantic <gilg...@yahoo.com> writes:

Gil> I want to hide the username and password when I run SqlPlus on
Gil> in a UNIX script. How do I do this?

Gil> My original solution was to I execute the script under a super
Gil> user (root user), which has no password, but the

Gil> Example of what I have so far ... echo "execute sample;" |
Gil> $ORACLE_HOME/bin/sqlplus scott/tiger

Gil> Step 1: I login to UNIX using scott/tiger for username/password
Gil> Step 2: I change to the Super User (ie. su superuser), which has
Gil> no password Step 3: Run the script with following line ... echo
Gil> "execute sample;" | $ORACLE_HOME/bin/sqlplus superuser/ I tried
Gil> changing the username/password to the superuser.

Gil> Of course, this failed. My reason for Step 3, was since
Gil> superuser had no password associated with it, it would
Gil> automatically login.

Gil> Thanks! Gil

Just a couple of comments

1. I hope I misunderstand your statement that the superuser has no
password! If this is the case, the problem of your
username/password being seen is irrelevent compared to the HUGE
security hole of having a superuser without a password.

2. If what you are really worried about is using the password on the
command line, which means it is visible to anyone on the server who
can run the ps command, then you might be interested in using a
HERE document. This is a shell scripting technique where you use
redirection so that a command takes its input from lines within the
script itself. Using this technique means the password is not
passed as a command line argument and therefore is not visible to
the ps command. You can then use file permission settings (read
permission) to restrict who can read the file and see the password
in the script. Any decent book on unix scripting will cover here
documents. Essentially you have the following structure

command <<EOF
line
line
line
EOF

Where everything from the first EOF is sent to the command, line at a
time and executed as if it had been entered via standard input.

Tim
--
Tim Cross
The e-mail address on this message is FALSE (obviously!). My real e-mail is
to a company in Australia called rapttech and my login is tcross - if you
really need to send mail, you should be able to work it out!

[Ubiquitous]

In article <d6052717.03042...@posting.google.com>,
gilg...@yahoo.com wrote:

>I want to hide the username and password when I run SqlPlus on in a UNIX
>script.How do I do this?

I never tried it, but about using a stored PL/SQL procedure containing
the call which invokes SQL*LOADER? That way you just invoke the stored
procedure without showing the password.

--
======================================================================
ISLAM: Winning the hearts and minds of the world, one bomb at a time.

[Daniel Morgan]

Ubiquitous wrote:

You can not execute SQL*Loader from a PL/SQL procedure. SQLJ yes, but not
PL/SQL.

And thank you for slamming an entire religion and every single person that
believes in it because of the actions of a few psychopaths. This is hardly
putting our best values forward in an international forum and I find your tag
line offensive.
--
Daniel Morgan
http://www.outreach.washington.edu/extinfo/certprog/oad/oad_crs.asp
damo...@x.washington.edu
(replace 'x' with a 'u' to reply)

[Daniel Morgan]

Sander Goudswaard wrote:

> Daniel Morgan <damo...@exxesolutions.com> wrote in
> news:3EB0B31A...@exxesolutions.com:

>
> > You can not execute SQL*Loader from a PL/SQL procedure. SQLJ yes, but
> > not PL/SQL.
>

> What about extproc?
>
> - Sander

http://asktom.oracle.com/pls/ask/f?p=4950:8:115918821893170870::NO::F4950_P8_DISPLAYID,F4950_P8_CRITERIA:504003316498,

You are correct. But this is written in C ... no PL/SQL.

[Erik Ykema]

You could also define an environment variable, like export
MMCONNECT=user/password@instance
and then connect to sql*plus in the unix-script with
sqlplus $MMCONNECT @script.
By executing
set | grep MMCONNECT
a logged-in user can see the value of MMCONNECT.
Also trusted oracle (sqlplus /) might help out, the acces control is the
shifted from sql*plus access restriction to unix.
Good Luck,
Erik Ykema

"Ubiquitous" <web...@polaris.net> wrote in message
news:Tbucnc2T7Kx...@comcast.com...

[Daniel Morgan]

Erik Ykema wrote:

Dangerous security breach. Why not just use an OPS$ account?