RE: SQL scripts and passwords

RE: SQL scripts and passwords

 

  

There are other problems with your set up as well.
Try this
(1) sqlplus -s userid/password
(2)Assuming you have a SOLARIS/unix OS, type the following at the OS command
prompt
"ps -ef | grep "sqlplus -s"
What you will see is the output contains the userid and the password. BAD !!
BAD !!

Off the top of my head I can think of some possible options:
(1) Create some OPS$ users and connect via the 'slash' login. This of
course requires you restrict access to these users on t he OS side, and/or
(2) See if you can place these 'taskes' in entirely in the DB. In other
words, make a JOB for them that ORACLE knows about and will run for you via
DBA_JOBS. If you have ORACLE 10, "schedule" them to run as a task/job.

I have not given details, just some suggestions, but these are things we do
here to "get around" the same issue.

How have you other guys addressed this.

Jeff


-----Original Message-----
From: oracledba-return-125877-JEFFERY.L.SCHRENK=saic.[Email address protected]
[mailto:oracledba-return-125877-JEFFERY.L.SCHRENK=saic.[Email address protected]
n Behalf Of Brett N Exton
Sent: Wednesday, March 29, 2006 6:01 AM
To: LazyDBA Discussion
Subject: SQL scripts and passwords


Hi !

I have lots of batch files (windows) which call SQL scripts that have the
userid/password hard coded into the script

e.g. sqlplus -s userid/password

The passwords have to be in the scripts because these scripts are timed to
run
at various times of the day/night.

Consequently, if the permissions on a script was left open and a user got to
view the script then...who knows!

I am mulling some different ideas around as to how best to secure these
scripts
but would welcome some ideas.

Thanks!
--
Brett Exton



________________________________________________________________________
This e-mail and any attachments transmitted with it represents the
views of the individual(s) who sent them and should not be regarded
as the official view of Bridgend County Borough Council. The contents
are confidential and intended solely for the use of the addressee. If
you have received it in error, please inform the system administrator
on (+44) 01656 642111.

This e-mail and any attachments have been scanned with 'MessageLabs SkyScan'
- http://www.messagelabs.com/

________________________________________________________________________
Maer'r e-bost hwn ac unrhyw atodiadau a drosglwddir gydag ef yn cynrychioli
safbwyntiau'r unigolyn (unigolion) a'u hanfonodd ac ni ddylid eu hystyried
fel
safbwynt swyddogol Cyngor Bwrdeistref Sirol Pen-y-bont ar Ogwr. Mae'r
cynnwy
syn gyfrinachol ac wedi'i fwriadu at ddefnydd y person y'i cyfeiriwyd ato yn
unig. Os ydych wedi ei dderbyn mewn camgymeriad, rhowch wybod i weinyddwry
system ar (+44) 01656 642111.

Mae'r e-bost hwn ac unrhyw atodiadau wedi cael eu sganio gyda 'MessageLabs
SkyScan' - http://www.messagelabs.com/
________________________________________________________________________


--------
website: http://www.LazyDBA.com
Please don't reply to RTFM questions
Oracle documentation is here: http://tahiti.oracle.com
To unsubscribe: see http://www.lazydba.com/unsubscribe.html
To subscribe: see http://www.lazydba.com
By using this list you agree to these
terms:http://www.lazydba.com/legal.html

Oracle LazyDBA home page