Hello,
I'm trying to help a client with passing decrypted passwords into child processes. I just want to ask how secure (or not) it is to pass those decrypted passwords via environment variables?
Thanks,
denden
maybe if you gave an example or be more clear in of what you are trying to do, we could give our comments...
1 Like
The Oracle Import process can be a good example of this. If you put the password
in the command, then you can see it when you use the "ps -ef | grep impdp".
impdp system/change_on_install ...
But if you use the echo command and pipe to the impdp command, then you won't
see the password when you do "ps -ef | grep impdp"
echo "system/change_on_install" | impdp ...
Another option would be to put a delimited text file under the ~/.ssh directory.
You can then grep for the line that you want and use the cut command to grab
the password.
~/.ssh/pw
user:this_pwd
user1:this_pwd
user2:this_pwd
user3:this_pwd
You script that needs a password would have the following. Including the carrot
and colon will make sure that the line starts with the username and does not
accidentally pick up more than one line if you have similar usernames. You do
need to make sure that each username is unique in the file.
THIS_PWD=`grep "^user1:" | cut -d":" -f2`
1 Like