Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Encrypting DataBase Passwords
Operating Systems HP-UX Encrypting DataBase Passwords Post 302335893 by b_sri on Monday 20th of July 2009 05:37:44 PM
Old 07-20-2009
Encrypting DataBase Passwords
Hi All

We have got a HUGE process of securing our infrastructure(primarily the database)
We basically establish connection to oracle database from our UNIX shell scripts

when we do ps -ef | grep sqlplus


it blurts out all the credentials as output.

sqplus username/password@server

Now our DBAs have got a "security" concern if the passwords are shown even via ps -ef

is there anyway, we can try and hide this?

I am not sure how encrypting helps, but i am trying that option as of now.Any other options or suggestions on encryption would be appreciated.

Thanks
Srividya
 

9 More Discussions You Might Find Interesting

1. AIX

Encrypting password

I have a strange question for someone regarding the AIX 5.2 environment. Here is the scenerio: I have a script that is running a menu full of options. 1. I like food 2. I don't like food Enter Option:_ Enter userID:_ Enter Password:_ (The menu is conversational only so go with me on... (6 Replies)
Discussion started by: Justman
6 Replies

2. Solaris

Encrypting a script......

Hiiiiii..... every one..... I have written a script, and i want to make that script confidential.So that, only i can see that script. I am using " crypt " command in solaris 9, to encrypt that script.But when i am executing this... (6 Replies)
Discussion started by: prashantshukla
6 Replies

3. Shell Programming and Scripting

Encrypting a shell script

Hi all, I have one script with me , say automate.sh. I would like to encrypt it, so that no one can see the contents of this script. Can anyone guide me to encrypt/decrypt this script? Regards, akash (1 Reply)
Discussion started by: akash_mahakode
1 Replies

4. Shell Programming and Scripting

Encrypting the password

Iam using the teradata... and running the scripts in unix, I wan to encrypt the teradata password in Unix... my hostname is : bprod usename: KRN777 passwrd: passwrd can ant one tell me the exact command to encrypth the passwrd.... thanks, (5 Replies)
Discussion started by: nani1984
5 Replies

5. Shell Programming and Scripting

Encrypting bash script

I used shc for encrypting a bash script. It worked fine, but the issue is that, when I run the script using ./test.sh.x in a screen and after getting out of the screen when I type "ps aux" I can see the source code from the command prompt and also the commands being executed as plain text. See... (1 Reply)
Discussion started by: anilcliff
1 Replies

6. Shell Programming and Scripting

Encrypting password

Hello All, I need to accept a password from the user and validate it, without having to hard-code it anywhere. Any ideas? (3 Replies)
Discussion started by: optimus_1
3 Replies

7. UNIX for Advanced & Expert Users

When did UNIX start using encrypted passwords, and not displaying passwords when you type them in?

I've been using various versions of UNIX and Linux since 1993, and I've never run across one that showed your password as you type it in when you log in, or one that stored passwords in plain text rather than encrypted. I'm writing a script for work for a security audit, and two of the... (5 Replies)
Discussion started by: Anne Neville
5 Replies

8. Programming

Encrypting/Decrypting passwords

I know that simply encrypting and decrypting passwords in a script is as bad as storing them in plain text, but I've been searching for an answer to this for a few days now, and haven't found an answer that fits the problem I'm having. Here's the scenario. I'll give more details than I think may... (3 Replies)
Discussion started by: mdrisser
3 Replies

9. High Performance Computing

Encrypting interconnect

Hi, i've got a qusetion regarding interconnect of compute nodes. In our company we are running a Simulation Cluster which is administrated by the Simulation department. Now our central IT requires to encrypt the interconnect of the compute nodes. Does anybody in that business encrypt... (3 Replies)
Discussion started by: fiberkill
3 Replies

LEARN ABOUT OSX

dsconfigldap

dsconfigldap(1) 					    BSD General Commands Manual 					   dsconfigldap(1)

NAME

     dsconfigldap -- LDAP server configuration/binding add/remove tool.

SYNOPSIS

     dsconfigldap [-fvixsgmeSN] -a servername [-n configname] [-c computerid] [-u username] [-p password] [-l username] [-q password]

     dsconfigldap [-fviSN] -r servername [-u username] [-p password] [-l username] [-q password]

		  options:
			-f	       force authenticated binding/unbinding
			-v	       verbose logging to stdout
			-i	       prompt for passwords as required
			-x	       choose SSL connection
			-s	       enforce secure authentication only
			-g	       enforce packet signing security policy
			-m	       enforce man-in-middle security policy
			-e	       enforce encryption security policy
			-S	       do not update search policies
			-N	       do not prompt about adding certificates
			-h	       display usage statement
			-a servername  add config of servername
			-r servername  remove config of servername
			-n configname  name given to LDAP server config
			-c computerid  name used if binding to directory
			-u username    privileged network username
			-p password    privileged network user password
			-l username    local admin username
			-q password    local admin password

DESCRIPTION

     dsconfigldap allows addition or removal of LDAP server configurations. Presented below is a discussion of possible parameters. Usage has
     three intents: add server config, remove server config, or display help.

     Options list and their descriptions:

     -f       Bindings will be established or dropped in conjunction with the addition or removal of the LDAP server configuration.

     -v       This enables the logging to stdout of the details of the operations. This can be redirected to a file.

     -i       You will be prompted for a password to use in conjunction with a specified username.

     -s       This ensures that no clear text passwords will be sent to the LDAP server during authentication.	This will only be enabled if the
	      server supports non-cleartext methods.

     -e       This ensures that if the server is capable of supporting encryption methods (i.e., SSL or Kerberos) that encryption will be enforced
	      at all times via policy.

     -m       This ensures that man-in-the-middle capabilities will be enforced via Kerberos, if the server supports the capability.

     -g       This ensures that packet signing capabilities will be enforced via Kerberos, if the server supports the capability.

     -x       Connection to the LDAP server will only be made over SSL.

     -S       Will skip updating the search policies.

     -N       Will assume Yes for installing certificates

     -h       Display usage statement.

     -a servername
	      This is either the fully qualified domain name or correct IP address of the LDAP server to be added to the DirectoryService LDAPv3
	      configuration.

     -r servername
	      This is either the fully qualified domain name or correct IP address of the LDAP server to be removed from the DirectoryService
	      LDAPv3 configuration.

     -n configname
	      This is the UI configuration label that is to be given the LDAP server configuration.

     -c computerid
	      This is the name to be used for directory binding to the LDAP server. If none is given the first substring, before a period, of the
	      hostname (the defined environment variable "HOST") is used.

     -u username
	      Username of a privileged network user to be used in authenticated directory binding.

     -p password
	      Password for the privileged network user.  This is a less secure method of providing a password, as it may be viewed via process
	      list.  For stronger security leave the option off and you will be prompted for a password.

     -l username
	      Username of a local administrator.

     -q password
	      Password for the local administrator.  This is a less secure method of providing a password, as it may be viewed via process list.
	      For stronger security leave the option off and you will be prompted for a password.

EXAMPLES

     dsconfigldap -a ldap.company.com

     The LDAP server config for the LDAP server myldap.company.com will be added. If authenticated directory binding is required by the LDAP
     server, then this call will fail. Otherwise, the following parameters configname, computerid, and local admin name will respectively pick up
     these defaults: ip address of the LDAP servername, substring up to first period of fully qualified hostname, and username of the user in the
     shell this tool was invoked.

     dsconfigldap -r ldap.company.com

     The LDAP server config for the LDAP server myldap.company.com will be removed but not unbound since no network user credentials were sup-
     plied.  The local admin name will be the username of the user in the shell this tool was invoked.

SEE ALSO

     opendirectoryd(8), odutil(1)

Mac OS								   April 24 2010							    Mac OS
All times are GMT -4. The time now is 04:55 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy