What's the best way to implement running SQL*Plus scripts without a password being supplied? Example:
SQL*Plus userid/pw @script
I'm assuming you ask this question since you do not want the password to appear when you do "ps -ef|grep sqlplus" on a Unix system. This is a security hole if one can see your password when doing a process status listing. You have a couple of ways of getting around this.
One way is to use a connection "script". Create a script called "connect.sql". This script will only have one line:
sqlplus /nolog @my_script
sqlplus username @my_script << password_file
In either method, your password can be seen if you don't take methods to secure any files which hold the password. So make sure that only the Oracle user and/or DBA group can access this file by protecting it with OS file permissions.
For More Information
- Dozens more answers to tough Oracle questions from Brian Peasland are available.
- The Best Oracle Web Links: tips, tutorials, scripts, and more.
- Have an Oracle or SQL tip to offer your fellow DBAs and developers? The best tips submitted will receive a cool prize. Submit your tip today!
- Ask your technical Oracle and SQL questions -- or help out your peers by answering them -- in our live discussion forums.
- Ask the Experts yourself: Our SQL, database design, Oracle, SQL Server, DB2, metadata, object-oriented and data warehousing gurus are waiting to answer your toughest questions.