| Encrypt Password to connect to the back-end database [message #160358] |
Fri, 24 February 2006 11:04  |
bheemsen
Messages: 13
Registered: February 2006
|
Junior Member |
|
|
We have lots of Shell scripts where the password is hardcoded to
connect to the database(Oracle): Ex: sqlplus username/password
The password should not be in clear text & should be encrypted before
connecting to the backend. Oracle will not take encrypted passwords in my opinion to connect to the database.
I want to encrypt this hardcoded password & decrypt it to connect to the database. Can anyone help me or point me to links showing some examples.
Thanks
-Bheem
|
|
|
|
| Re: Encrypt Password to connect to the back-end database [message #160381 is a reply to message #160358] |
Fri, 24 February 2006 20:53  |
rleishman
Messages: 3728
Registered: October 2005
Location: Melbourne, Australia
|
Senior Member |
|
|
This is a pretty popular request, but I've still not yet seen a good solution. Any such solution requires that the decryption key be stored somewhere, so you might as well just store the password where you were going to store the encryption key.
The absolute best way - and the one endorsed by Oracle - is to used Externally Authenticated Accounts. This means there is an Oracle account with the same name as your OS userid, and you connect with sqlplus /
I once worked in a place where the Oracle passwords were stored in a protected data file owned by the Oracle user. There was a simple C executable that accepted a user id as input, and gave the password as output. The C executable was able to read the protected file because it had SETUID bit (on Unix : -rws--x--x). Applications could connect using sqlplus usrid/`orapwd usrid`. This is probably as good as encryption, but does not work on Windows.
|
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
