Many times when running jobs through cron (on Unix boxes) it is required that you hide the password of the Oracle user from showing up when the ps command is run at the operating system level. There are various methods to do this, but the foolproof method is to use the init.ora parameter (os_authent_prefix) and identify users externally.
In the init.ora file set the os_authent_prefix to any string (for example, OPS$). Now the V$parameter output for this parameter should show up as:
NAME TYPE VALUE ----------------- ------- --------- os_authent_prefix string ops$Now whenever you create a user just use "create user ops$<username> identified externally". For example, let's say the user is DBGUY:
create user ops$DBGUY identified externally;This will allow you to:
$ id uid=12997(DBGUY) gid=1(other) $ sqlplus / SQL*Plus: Release 22.214.171.124.0 - Production on Mon Jun 17 09:28:46 2000 (c) Copyright 1999 Oracle Corporation. All rights reserved. Connected to: Oracle8i Enterprise Edition Release 126.96.36.199.0 - Production With the Partitioning and Java options PL/SQL Release 188.8.131.52.0 - Production ops$dbguy@8i> show user USER is "OPS$DBGUY" ops$dbguy@8i>
Geoff H. writes: The author may like to point out the use of the SUDO command to prevent user passwords being seen in ps -ef. You can control what a user account on Unix can do. See below. sudo
For More Information
- What do you think about this tip? E-mail the editor at firstname.lastname@example.org with your feedback.
- The Best Oracle Web Links: tips, tutorials, scripts, and more.
- Have an Oracle tip to offer your fellow DBAs and developers? The best tips submitted will receive a cool prize--submit your tip today!
- Ask your technical Oracle questions--or help out your peers by answering them--in our live discussion forums.
- Check out our Ask the Experts feature: Our SQL, database design, Oracle, SQL Server, DB2, metadata, and data warehousing gurus are waiting to answer your toughest questions.
This was first published in June 2002