Help with passing parameters from a file

karthik_adiga · May 5, 2015, 9:42am

Hello Everyone,

I have developed a shell script which takes schema id and password as parameter to login into database using sqlplus,runs a query and mails the result.

My requirement is that, I dont want to pass userid and password as parameters.Instead,I want to pass say Environment name and Schema name as parameters to the script and userid and password will be stored in a txt file.

Now,Is it posssible to pass Environment name and Schema name to the txt file fom the script and get the userid and passowrd from there ?

Thanks in advance.

rbatte1 · May 5, 2015, 9:48am

Is the database local? Can you convert the account to allow sqlplus /

If it's Oracle, then I think it's something like:-

alter user bob identified externally ;

This would negate having to know/store the password anywhere. If you can validate to log on to the operating system, then you are trusted to the database.

Failing that, what have you tried? Storing details like this are notoriously fraught with danger from someone else being able to read the files. If they can read the script (to run it) then they can find the file.

Can you give us more context as to what the eventual end requirement is?

Robin

karthik_adiga · May 6, 2015, 1:07am

Thanks for the reply...here is the snippet

#!/bin/sh
#Two input parameters USER_ID and Password
DB_USER=$1
DB_PWD=$2
result=`sqlplus -s $DB_USER@D1TFDDS/$DB_PWD<<EOF
spool sample.txt
sql query
spool off
EOF`
v1_result=`cat sample.txt | sed -e 's/ //g' | tr " " "\n"`
echo "${v1_result}" > mail.txt
mailx -s "Samplemail" abc@gmail.com  < mail.txt

In here am passing id and password as parameter to fetch the result.I do not want to pass my credentials to the script,instead can i store it in a .txt file with restricted permission.

And pass say environment id and schema name as parameter to the .txtfile which will give me userid and password

RudiC · May 6, 2015, 3:41am

Although it is not generally recommended, and other means sre preferred, you of course can pass any two parameters to your script, which in turn could be environment id and schema name, and construct a file name from them to open and read the needed credentials.

rbatte1 · May 7, 2015, 5:18am

Can I also suggest that you take the credentials out of your sqlplus command line. Anyone running a simple ps will be able to see them whilst your database connection is active.

It might only be a short time, but if this account is a DBA (which I'm guessing that it is) then you are effectively shouting the out the number for a combination lock on your most secure safe. If no-one is listening, then you get away with it. If someone hears, it depends on their integrity if they do something with it.

Robin