Results 1 to 4 of 4
  1. #1
    Join Date
    Jun 2014
    Posts
    2

    Unanswered: Hiding ORACLE password from UNIX log

    I have a unix script which is hitting the oracle database for a query. The problem is that with the command "sqlplus -S $sqlconn << EOT >> ${parms_file}" , the username and password is visible in the log. Basically the variable "$sqlconn" is declared in a profile file from where the script is calling the value. The profile file has limited access, but the credentials are easily visible in the log. Is there a way to make the password encrypted or suppress this complete line from the log? Also, as an information, the result of the query is written the "parms_file" which is declared in the beginning of the script. A quick help would be very much appreciated . My deadline is monday/

  2. #2
    Join Date
    Jun 2014
    Posts
    2

    Help required to suppress oracle password in unix

    I have a unix script that has an oracle query . While connecting to the database, I am using the command ..
    sqlplus -S $sqlconn << EOT >> ${parms_file}
    the $sqlconn is defined in a profile file where the username and passwords are stored.

    The problem is that when the script runs, the username and password is clearly visible in the logs. I want to avoid that.

    I tried adding
    sqlplus -S $sqlconn << EOT >> ${parms_file} > /dev/null 2>&1
    to suppress the message but that's not working.

    Is there a way to 1) encrypt the password or 2) surpress this message?

  3. #3
    Join Date
    Aug 2003
    Location
    Where the Surf Meets the Turf @Del Mar, CA
    Posts
    7,776
    Provided Answers: 1
    !) for my Production database server system, I (the DBA) is only person who can physically log onto the DB Server itself. So I would not care if I can see the password in the log file.
    2) I "assume" that this script being discussed reside on the DB Server itself, not some remote client system. If so you could use OS Authentication to eliminate use of password.
    https://www.google.com/?gws_rd=ssl#q...authentication
    You can lead some folks to knowledge, but you can not make them think.
    The average person thinks he's above average!
    For most folks, they don't know, what they don't know.
    Good judgement comes from experience. Experience comes from bad judgement.

  4. #4
    Join Date
    Sep 2009
    Location
    Ontario
    Posts
    1,057
    Provided Answers: 1
    You might try setting the permissions of the log file to 0622 and ownership to root.
    The file will be writable by everyone but only readable by root.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •