I am writing a shell script for sql loader (just copy part of the code) :
For security reason, I have to put the below loginName and password into another separate file instead of in the same file of this script.
Anyone can give me a hand. Thanks.
Shell Script :
Moderator's Comments:
Please use CODE tags when displaying sample input, output, and code segments.
For a user to execute a shell script, the user has to be able to read the shell script. Storing the name of a file (that can be read by your script) in a script that can be read by the user means that the user can read the file containing the DB username and DB username's password, so there isn't much security added by putting them in a different file. Some systems allow you to create set-UID shell scripts that could be used to run as the DB user and read a file that is only readable by that user, but there aren't many systems that still support set-UID shell scripts (and if you're using a shell that does allow that, you need to be VERY careful to avoid letting someone running your script get access to all of DB user's private files and changing DB user's password).
What operating system and shell are you using?
Can you use C or C++ instead of shell to write your script?
Thanks.
I knew there is no security indeed.
BUT, it is our silly company policy that does not want the user name and password put in the same place in the same script.
Thanks.
I knew there is no security indeed.
BUT, it is our silly company policy that does not want the user name and password put in the same place in the same script.
Linux server and ksh shell script.
Don't know C or C++.
My original post had several typos as pointed out by RudiC in a private message. (The read had loginName twice instead of loginName and password and the sqlplus command had unquoted literal strings instead of quoted variable expansions.) I apologize for anyone who read this message before the corrections were made.
Last edited by Don Cragun; 09-22-2017 at 06:22 AM..
Reason: Add quotes to sqlldr command and fix other typos.
No.
should set DATAFILE to the pathname of a file that contains the user's name and the user's password on the first line in that file with the values separated by a space. The read statement does not grab values from the string assigned to DATAFILE; it grabs values from the contents of the file named by that string!
I apologize for my original post (which contained several typos) that you mostly fixed. Please look at the updated suggestion in post #4 (which was updated 2 minutes before your last reply).
To make it slightly less obvious to people looking for passwords, I would suggest that the last component of the absolute path named by DATAFILE should have a period as the first character (such as .secret) so it won't show up in an ls command unless the -a option is included.
Note also that there is no reason to export any of the variables used in this script. You only need to export variables that you want to be available in the environment of processes invoked by your script. Your script depends on the variables INFILE_PATH, JOBNAME, LOG_PATH, DATE, and SQLLDR_CTL_PATH to be exported by whatever process invokes your script.
i have an expect script that runs like this:
/usr/bin/expect -f /home/skysmart/commandstoexecute.sh host2.net b$4aff Skysmart
when i run this command, and i do a ps -ef and egrep for expect, i see the exact line in the process table and it shows my password for the world to see.
how can i... (2 Replies)
Hi
I have following problem Im writing a script (in bash ) , where need to be written login & passwd for databas client .
Its need to in following form login passwd@dbhostname .
The problem is so anybody can read it so the passwd & login are visible and thats not very safety .
Can... (8 Replies)
Dear folks,
The title of my thread says mostly all of what I want to do. Basically I want to auto-ssh to a remote host, and run a program on it (VLC is just an example). I wrote a script which calls xterm and then runs expect on it. The code is as follow
#!/bin/bash
export PASS="xxxxxxx"... (22 Replies)
hi all,
i run sqlplus command on unix(HP-UX)
like "sqlplus username/password@serverA @deneme.sql"
but when someone run "ps -ef | grep sqlplus", it can see my username and password :(
How can i hide username and password.
thanx. (1 Reply)
Hi,
I am writing a UNIX .ksh script and need to send the login password of the login id that is executing the script to a command that I am executing in the script. I don't want that password to be seen by anyone except whoever is executing the script.
Does anyone know how I can accomplish... (6 Replies)
All,
In my script I am calling another script.. in that script I need to enter a password. Problem is that everyone is able to see the password when I enter that. Is there any way that when i enter that password it should not display or may look like *******.
Or if there any other way that I... (1 Reply)
Hi everybody,
Do you know how to hide the text for interactive unix shell script? Just like the case for inputting password during logon.
Patrick (1 Reply)
Hi falks,
I have the following ksh code:
echo "Enter VS Admin password:"
oldstty=`stty -g`
stty -echo intr '$-'
read password
stty $oldstty
echo
This code ask from a user to enter his password. The OS suppose to hide the entering of the... (2 Replies)
I am doing a project in C program which requires to type in password in Unix terminal. Does anybody know how to shade or not output any words typed by user in the terminal?
I use the function scan() to read typing from user. Thanks in advance. (2 Replies)
Hello,
I am very new to Unix so I want to apologize in advance in case my question is stupid.
I wrote a KORN script that I am planning to distribute to many users. This script contains sensitive information that the users should not see: user name and password to our database servers with... (11 Replies)