- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Ways to encrypt passwd in shell script
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-18-2006 07:10 PM
тАО01-18-2006 07:10 PM
and Oracle 8.1.7.x and 9.2.x ,
a lot of batch jobs run in cron.
Many scripts show username/passwd
as text and anyone with read access
to the script can obtain the passwd
to the application.
I would like to know of ways to encrypt
this passwd.
This also extends to passwd used in scripts
stopping the listener.
Just in case anyone suggest this:
We cannot for the time being use OPS$
accounts because we made the stupid choice
earlier to combine online and batchuser,
something I am addressing with the application
team.
So , I would like to find out more ways on
how to encrypt or obscure passwd in scripts.
If it is possible that is, I hope to hear
from you.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-18-2006 07:21 PM
тАО01-18-2006 07:21 PM
SolutionYou can use a tool called "shc" which can be downloaded from, http://www.datsi.fi.upm.es/~frosal/. It is used for encrypting and decrypting shell scripts and password with that. Find out more information at, http://www.linuxsecurity.com/content/view/117920/49/
-Arun
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-18-2006 07:28 PM
тАО01-18-2006 07:28 PM
Re: Ways to encrypt passwd in shell script
the best method of secure passwords is to stop people from seeing them in the first place! Remove read access to the files, leaving only trusted groups with access.
Also make sure you do not perform anything like:
sqlplus -s user/password
in a script, as then the info can be seen by the ps command.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-18-2006 07:46 PM
тАО01-18-2006 07:46 PM
Re: Ways to encrypt passwd in shell script
Sorry I appreciate your concern,
but I am not going to award points
for these comments. You seemed
to have missed my hint that I am
addressing this already with the
application team.
I am looking for solutions, if you have
any of these , feel welcome.
No pun intended, but I have to be strict.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-18-2006 07:51 PM
тАО01-18-2006 07:51 PM
Re: Ways to encrypt passwd in shell script
You can put something like this in cron. The key here is "crypt key is visible"
01 01 * * * "/usr/bin/crypt 'xyz' < crytpted_script > uncrypted_script | /usr/bin/ksh
This should work.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-18-2006 07:53 PM
тАО01-18-2006 07:53 PM
Re: Ways to encrypt passwd in shell script
01 01 * * * "/usr/bin/crypt 'xyz' < crytpted_script | /usr/bin/ksh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-18-2006 08:08 PM
тАО01-18-2006 08:08 PM
Re: Ways to encrypt passwd in shell script
fully agree with your comments on my earlier, generic reply.
Here is another shell compiler:
http://www.geocities.com/SiliconValley/Horizon/5745/kcx.htm
as an alternative to shc
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-18-2006 09:08 PM
тАО01-18-2006 09:08 PM
Re: Ways to encrypt passwd in shell script
I don't know if you have ever considered this.
why not use DBMS_JOB to run you batch jobs?
this is much easier and does not require any password!
very easy:
declare
l_job number;
begin
dbms_job.submit( l_job,
'abc;',
trunc(sysdate)+4/24,
'trunc(sysdate)+1+4/24' );
end;
will run the job at 4am every day.
Nb. make sure to set job_queue_processes and job_queue_interval (init.ora parameters).
hope this helps!
kind regards
yogeeraj
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-18-2006 09:38 PM
тАО01-18-2006 09:38 PM
Re: Ways to encrypt passwd in shell script
Interesting, no I had never considered
that.
Mind you most of our batch jobs
is based on external files that are
parsed and loaded via sqloader into
the tables.
The event to start the job is triggerd
when the ascii file arrives, which
is unpredictable. We use special filewatcher
called Autosys Unicenter from CA.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-18-2006 10:48 PM
тАО01-18-2006 10:48 PM
Re: Ways to encrypt passwd in shell script
as for external files issue, since you are also running oracle 9i, you can also consider external tables.
In fact, with external tables you can:
o merge a flat file with an existing table in one statement.
o sort a flat file on the way into a table you want compressed nicely
o do a parallel direct path load -- without splitting up the input file, writing scripts and so on
o run sqlldr in effect from a stored procedure or trigger (insert is not sqlldr)
o do multi-table inserts
o flow the data through a pipelined plsql function for cleansing/transformation
and so on.
hope this helps too!
kind regards
yogeeraj