The third input in the command is the length of the password i want to use.
What I do next is login to a Oracle DB and change a user accounts password using what was generated. I would prefer that password nor its generation of it be discover via ps or anything like that. My question is what gets captured by the server in the /proc/PID/ folders or any server logs? Is there a way to work around any of that being captured? Thanks.
I'm not sure I understand your request correctly, and even less I know about what Oracle permits and provides in terms of password input.
You might supply the generated password on stdin via a pipe, or using a temp file, or a FIFO. Unfortunately, I'm not able to test any of these proposals.
sorry for not making that clearer. What I am trying to achieve is a script that doesn't have the info it generates it either ps or in a server log file. Can that be achieved by a pipe or is there a better way?
Who are you trying to hide the information from? If the user(s) has root access than there is very little that can be done.
If they don't have root access then the auditing logs shouldn't be readable, and unless they have the same userid that ran the password change script, they will not be able to look in the /proc/<pid> files either.
Is the oracle DB hosted on the same server? Are you using the ALTER USER command to change the password or something else? How are you getting this command to Oracle?
The oracle DB is hosted on the same server and yes i am using alter user. What i am really trying to determine is if i create a password on the fly inside of a script and assign it to a variable and then sqlplus in via oracle wallet will they variable that holds the password be viewable by someone snooping on the server? I would assume if they were good enough and got ahold of either the oracle account or the root account on the server then yes they would. Would those be the only two?