I have a SQL which i want to run through a shell script.
query_result=`/home/oracle/product/11.2.0/bin/sqlplus -S uname/pwd@DBNAME <<!
set heading off feedback off trimspool on
set pagesize 0
set linesize 9999
spool $PARAM_PATH/param_name.txt;
Select sysdate from dual;
spool off;
exit
!`
echo $query_result
I do not want to Password to be visible.
So i gathered some information on the way to do this.
The most common way was to have the sql in a file and run the.sql file in a script and have only required permissions on it. Like below
sqlplus -S system/manager @my_sql_script.sql
But even here system/manager is the uname and pwd.
So how to avoid the pwd from being visible.?
@chetan.c: When you say visible, do you mean in ps output or defined in the script?
You can invoke sqlplus without logging in but calling a .sql-commandfile and use the SQL*Plus connect command to log in to your database. This way username and password do not show up in ps and are not visible in your main script.
Calling script:
connect username/password
set heading off feedback off trimspool on
set pagesize 0
set linesize 9999
spool &1/param_name.txt;
Select sysdate from dual;
spool off;
exit
Another way to hide login-information from ps-output is to use coprocesses (ksh or bash >= 4.0) or pipes. Here the implementation is a bit more tricky and depends on the shell you use.
The commandfile has to be readable, so appropriate permissions will not keep the passwords completely hidden. Actually I do not think there is a way to secure the password that anyone who is able to read and understand your script can not revert.
An alternative would be to use SSL authentification instead of a password.
"Best practices" for retrievably-stored passwords is to not do that, at all, ever Most sane login systems refuse to use stored passwords, and some even provide safer alternative methods(like ssh keys).
If it's unavoidable, keep it in a file that's only readable by the application you need, then pass the password into the relevant application with pipes so they can't be snooped on ps.