Skip to Main Content


Question and Answer

Connor McDonald

Thanks for the question, Anvesh.

Asked: February 26, 2016 - 1:04 pm UTC

Answered by: Connor McDonald - Last updated: August 04, 2020 - 7:20 am UTC

Category: Developer - Version: 12.1.2

Viewed 1000+ times

You Asked

Hi Tom,

we have a risk of exposing our APPS schema password for host based concurrent programs in Oracle Apps.
The ps -ef command exposes the password unless encrypted.
We have gone back and added the ENCRYPT option for the Options Field for the Concurrent Program definitions.
We have also used $FCP_LOGIN instead of $1 while invoking SQL*Plus or SQL*Loader.
As part of these changes, we had a test case where we were trying to observe the this sub process, either SQL*Plus or SQL Loader itself in the ps -ef command.
We have observed that SQL*Plus does not display the password in the ps -ef command.
However, SQL Loader does display the password.
Hence, Can you please let us know the way to fix this or any workarounds for this.

Thanks in Advance

and we said...


a) use a wallet, see

b) echo the password, eg

echo my_password | sqlldr userid=abc@db ....

and it will not show in ps

and you rated our response

  (2 ratings)

Is this answer out of date? If it is, please let us know via a Review


February 29, 2016 - 4:26 am UTC

Reviewer: Anvesh Soma

Referring an old post on the same topic

August 01, 2020 - 9:56 pm UTC

Reviewer: Bibin from Bangalore, IN

Hi Connor,
As per the post below, the second solution of echo and pipe would still expose the password to the ps command.. Or, am I missing anything..?

Connor McDonald


August 04, 2020 - 7:20 am UTC

A lot depends on version and platform....for example

[oracle@db20 ~]$ sqlplus scott/tiger@db20pdb1

SQL*Plus: Release - Production on Tue Aug 4 15:16:43 2020

Copyright (c) 1982, 2020, Oracle.  All rights reserved.

Connected to:
Oracle Database 20c EE High Perf Release - Production


[oracle@db20 ~]$ ps -ef | grep sqlplus
oracle    3628  3128  1 15:16 pts/1    00:00:00 sqlplus                     
oracle    3640  3059  0 15:16 pts/0    00:00:00 grep --color=auto sqlplus
[oracle@db20 ~]$ ps auxw | grep sqlplus
oracle    3628  0.4  0.4 116572 24116 pts/1    Sl+  15:16   0:00 sqlplus                     
oracle    3680  0.0  0.0 112660  2204 pts/0    S+   15:17   0:00 grep --color=auto sqlplus

but of course, all of that is really just covering off the basics, ie, stopping someone from idly seeing it in ps. Its going to be saved in your history, and some process attaching will probably see it as well. Its a convenience not a cast iron lock. If you want to do it properly, you use a wallet.