Skip to Main Content
  • Questions

  • How to hidden password of connect to oracle database someone user is needed in shell script file?

Breadcrumb

Question and Answer

Connor McDonald

Thanks for the question, Quanwen.

Asked: June 13, 2017 - 6:50 am UTC

Last updated: June 21, 2017 - 1:20 am UTC

Version: 11.2.0.4.0

Viewed 1000+ times

You Asked 

;;;
Export: Release 11.2.0.4.0 - Production on Tue Jun 13 04:00:02 2017

Copyright (c) 1982, 2011, Oracle and/or its affiliates.  All rights reserved.
;;;
Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
;;; Legacy Mode Active due to the following parameters:
;;; Legacy Mode Parameter: "indexes=TRUE" Location: Command Line, ignored.
;;; Legacy Mode Parameter: "statistics=none" Location: Command Line, ignored.
;;; Legacy Mode has set reuse_dumpfiles=true parameter.
Starting "SZD_BASE_V2"."SYS_EXPORT_SCHEMA_01":  /********@base schemas=szd_base_v2 directory=expdp parallel=3 dumpfile=expdp_szd_base_v2_20170613040001_%U.dmp logfile=expdp_szd_base_v2_20170613040001.log reuse_dumpfiles=true
Estimate in progress using BLOCKS method...
Processing object type SCHEMA_EXPORT/TABLE/TABLE_DATA


For example,expdp file that is genreated by log file as follow,connect user and password is shown '********', but I want to write a shell script file for executing some sql query or other operation,but real password is shown,and I don't want to use oracle wallet to configuration,that configuration is feeling difficult. I don't know any other method,please give me some advice!

and Connor said...

See

https://connormcdonald.wordpress.com/2015/09/21/connection-shortcuts-with-a-wallet/

for details

Rating

  (4 ratings)

Is this answer out of date? If it is, please let us know via a Comment

Comments

Quanwen Zhao, June 15, 2017 - 11:23 am UTC

Thanks a lot,Mr Connor. Configure wallet maybe is a good method,and is there any other better method? I think that configuring wallet is more complex.
Connor McDonald
June 17, 2017 - 1:16 am UTC

On *some* platforms you can do:

echo your_password | expdp userid=your_user dumpfile=....

some platform?Aix,HP-UX,Linux or Windows

A reader, June 18, 2017 - 9:13 am UTC

'echo your_password | expdp user of=username ......' is shown real password yet!!!!

I don't know what platform.

Thanks,Mr Connor!
Connor McDonald
June 19, 2017 - 3:03 am UTC

If you have that in a script, then the password will not be visible via a process listing.

If you dont want a record of the password *anywhere*, then use a wallet even if you " think that configuring wallet is more complex."

Quanwen Zhao, June 19, 2017 - 4:49 am UTC

I understand,now! Thanks your suggestion.

Another possible option...

J. Laurindo Chiappa, June 20, 2017 - 6:19 pm UTC

Hi : +1 here for the wallet option (it is very secure, easy to manage and can be promptly exported and imported between machines) but if due to any question the best option can not be used, another option could be to use the OPS$ / OS user identification - to do so, the sysadmin would create an account specifically to run scripts (call it SCRIPTRUNNER) and give to him all the privs needed to connect in the Oracle database, and inside the database the DBA would create an accont OPS$SCRIPTRUNNER and grant the neeed privileges to him... See https://oracle-base.com/articles/misc/os-authentication for an example...
With this setup, the shell script would run on the SCRIPTRUNNER OS account and pass / as the password to connect in the database, such as :

sqlplus /@scriptrorun.sql

Using this, anyone looking will see only / as the password.... This technique works and I used the option many many times before, but the main issue here will be the Administration : the password for SCRIPTRUNNER will be yet another one to protect and maintain, and normally there is no built-in facilities to export the password or replicate it to the people that would need to know it.... The wallet is very different in this sense : it can act as a one-point repository, and thus anyone permissioned to use the wallet could/would use any of the many passwords stored in the wallet...

Best regards,

J. Laurindo Chiappa

Connor McDonald
June 21, 2017 - 1:20 am UTC

nice input
more

Connor and Chris don't just spend all day on AskTOM. You can also catch regular content via Connor's blog and Chris's blog. Or if video is more your thing, check out Connor's latest video and Chris's latest video from their Youtube channels. And of course, keep up to date with AskTOM via the official twitter account.

More to Explore

VLDB

If you are new to partitioning, check out Connor McDonald's introduction series here.

VLDB

Documentation set on VLDB and Partitioning.