Sqlldr Password visible at Unix level
Moderators: chulett, rschirm, roy
Sqlldr Password visible at Unix level
Hi,
I am executing sqlldr and do not want my password to be displayed.
I have defined an environment variable and passing it to 1 routine and call dsloginfo. My password is not getting displayed anywhere in DataStage.
My problem is to hide the password from unix level also. When my Job is running, if that point in time, i execute
ps -ef | grep sqlldr
then the whole sqlldr statement is displayed with the password. So doing all the stuff at DataStage level is wasted.
Pls let me know is there any way of restricting the way of displaying the sqlldr command at unix level.
I am executing sqlldr and do not want my password to be displayed.
I have defined an environment variable and passing it to 1 routine and call dsloginfo. My password is not getting displayed anywhere in DataStage.
My problem is to hide the password from unix level also. When my Job is running, if that point in time, i execute
ps -ef | grep sqlldr
then the whole sqlldr statement is displayed with the password. So doing all the stuff at DataStage level is wasted.
Pls let me know is there any way of restricting the way of displaying the sqlldr command at unix level.
----------------
Rgds,
Anupam
----------------
The future is not something we enter. The future is something we create.
Rgds,
Anupam
----------------
The future is not something we enter. The future is something we create.
Hi,
What does your DBAs say?
It is not really a DS issue!
Please post your findings,
What does your DBAs say?
It is not really a DS issue!
Please post your findings,
Roy R.
Time is money but when you don't have money time is all you can afford.
Search before posting:)
Join the DataStagers team effort at:
http://www.worldcommunitygrid.org
Time is money but when you don't have money time is all you can afford.
Search before posting:)
Join the DataStagers team effort at:
http://www.worldcommunitygrid.org
-
- Premium Member
- Posts: 1255
- Joined: Wed Feb 02, 2005 11:54 am
- Location: United States of America
Yes. Roy is Right. It is not really a datastage problem. See if you can encrypt this password by writing a script and overwrite the parameter file with this encrypted password.
Anything that won't sell, I don't want to invent. Its sale is proof of utility, and utility is success.
Author: Thomas A. Edison 1847-1931, American Inventor, Entrepreneur, Founder of GE
Author: Thomas A. Edison 1847-1931, American Inventor, Entrepreneur, Founder of GE
-
- Participant
- Posts: 54607
- Joined: Wed Oct 23, 2002 10:52 pm
- Location: Sydney, Australia
- Contact:
Plus I know for a fact that this was solved at RIL last time I was there. You will be able to find examples where the password is not visible. Think about environment variables, think about "here scripts" that actually prompt for passwords, where the value can be provided from the environment variable.
IBM Software Services Group
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
-
- Participant
- Posts: 54607
- Joined: Wed Oct 23, 2002 10:52 pm
- Location: Sydney, Australia
- Contact:
-s does not work with sqlldr, it works with sqlplus.
Definately i will share the code to anyone who wants but can not share in public. Who so ever wants the logic should send PM to me. I hope you guys understand, its security issues....
Definately i will share the code to anyone who wants but can not share in public. Who so ever wants the logic should send PM to me. I hope you guys understand, its security issues....
----------------
Rgds,
Anupam
----------------
The future is not something we enter. The future is something we create.
Rgds,
Anupam
----------------
The future is not something we enter. The future is something we create.
-
- Participant
- Posts: 54607
- Joined: Wed Oct 23, 2002 10:52 pm
- Location: Sydney, Australia
- Contact:
Surely the TECHNIQUE doesn't violate any security?!! The sqlldr program is invoked with various command line options, but can prompt for user id and password if required. In that case a "here script" can be used to supply responses to the prompts, and environment variables can be used to supply the actual values. For example
Where's the security breach in that?
Code: Select all
# Invoke sqlldr but prompt for user ID and password
sqlldr ...options... << EOT
$DBUSER # response to user ID prompt
$DBPASSWORD # response to password prompt
EOT
IBM Software Services Group
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
-
- Premium Member
- Posts: 252
- Joined: Mon Sep 19, 2005 10:28 pm
- Location: Melbourne, Australia
- Contact:
Most Oracle DBAs know about this one. There is a solution that works with all flavours of Unix I know, and exploits the fact that PS shows only the first 255 chars of the command. Some versions of Oracle actually ship with it included I think (at least they do with sqlplus and sqlforms) - but my current 10g still has the problem on Linux.
Here's what you do:
- Rename the sqlldr executable to sqlldr.exe (or whatever..)
- Write a C program sqlldr.c that simply runs an exec() of sqlldr.exe using the same positional arguments it was passed. It has to strip the path name from ARGV[0] in case the Oracle bin is not on the user's path.
- Between the sqlldr.exe and the first argument in the exec() call, insert 255 spaces.
- Compile sqlldr.c and move the executable into the Oracle BIN directory.
Here's what you do:
- Rename the sqlldr executable to sqlldr.exe (or whatever..)
- Write a C program sqlldr.c that simply runs an exec() of sqlldr.exe using the same positional arguments it was passed. It has to strip the path name from ARGV[0] in case the Oracle bin is not on the user's path.
- Between the sqlldr.exe and the first argument in the exec() call, insert 255 spaces.
- Compile sqlldr.c and move the executable into the Oracle BIN directory.
Ross Leishman