By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
432,369 Members | 950 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 432,369 IT Pros & Developers. It's quick & easy.

Shell Scripting in UNIX environment for Oracle Database

P: 19
Hi,

I have one shell script which runs a report and sends the output to user.
The shell script has some queries written in it in SQL and hence when I execute a shell script via a concurrent programme, I need to ensure that shell script connects to Oracle Database to execute the SQL written inside it.
Now when I hard code the shell script with User ID / PWD, the scripts run fine.....but I dont want to put the user id and pwd in shell script for security reasons.....do we have something better than hard coding user id and pwd

Thanks
Sanket
Dec 5 '06 #1
Share this Question
Share on Google+
6 Replies


Expert
P: 96
Hi,

I have one shell script which runs a report and sends the output to user.
The shell script has some queries written in it in SQL and hence when I execute a shell script via a concurrent programme, I need to ensure that shell script connects to Oracle Database to execute the SQL written inside it.
Now when I hard code the shell script with User ID / PWD, the scripts run fine.....but I dont want to put the user id and pwd in shell script for security reasons.....do we have something better than hard coding user id and pwd

Thanks
Sanket
I also stress more on security in a real production environment.
Unix Environmental variables are user/session specific, which other users/sessions can't see.
Set environmental variables for oracle User ID / PWD. which you can put in Unix user's .profile or ask the user at the time of login to unix environment.

Hope this helps
Dec 6 '06 #2

P: 3
Hi,

I have one shell script which runs a report and sends the output to user.
The shell script has some queries written in it in SQL and hence when I execute a shell script via a concurrent programme, I need to ensure that shell script connects to Oracle Database to execute the SQL written inside it.
Now when I hard code the shell script with User ID / PWD, the scripts run fine.....but I dont want to put the user id and pwd in shell script for security reasons.....do we have something better than hard coding user id and pwd

Thanks
Sanket
HI :)
One solution is to use in the script connect string inside you script, like:
Expand|Select|Wrap|Line Numbers
  1. sqlplus sqlplus -s /nolog  << *EOF*
  2. conn <user>/<pass>
  3. .....
  4. <SQL>
  5. .....
  6. *EOF* 
10X,

Roni
Dec 6 '06 #3

P: 19
Hi,

The problem is that I am new to shell scripting and does not know how to set the environment variables. Can u pls help me in that......
Also note that we are keeping the sh script in a custom directory and then we are registering a custom programme in Oracle ERP with execution method as HOST so that the programme will call and execute the shell script. So security wise, my concern is only when a UNIX user logs on to UNIX Custom directory and view the shell script which has the USER ID and PWD.

Pls advice
Thanks

I also stress more on security in a real production environment.
Unix Environmental variables are user/session specific, which other users/sessions can't see.
Set environmental variables for oracle User ID / PWD. which you can put in Unix user's .profile or ask the user at the time of login to unix environment.

Hope this helps
Dec 7 '06 #4

P: 19
Hi

I guess the conn command will again require me to put the USERID and PWD
My concern is a situatiion when an Unix User Logs on and views the content of the Shell Script

Thanks


HI :)
One solution is to use in the script connect string inside you script, like:
Expand|Select|Wrap|Line Numbers
  1. sqlplus sqlplus -s /nolog  << *EOF*
  2. conn <user>/<pass>
  3. .....
  4. <SQL>
  5. .....
  6. *EOF* 
10X,

Roni
Dec 7 '06 #5

P: 19
can somebody pls help me on this
Dec 8 '06 #6

P: 12
You could read from a file where the usernames and passwords are stored.

Store the password file in a directory where only DBAs can get to.

That you read from a file to obtain a password will be obvious to the Unix sysadmin, but what you read from it does not need to be echoed in the logs.

Recommend that you make the passwords very long up to 30 characters, and very difficult to guess.
Dec 10 '06 #7

Post your reply

Sign in to post your reply or Sign up for a free account.