Hiding plain text password with sqlplus command line

2
votes

I wish to use a sqlplus command with password hidden from view such that it doesn't show up on ps -ef command.

I know there are a lot of solutions provided all over internet blogs but most of them seem to require admin privileges and I have restricted access on this server. And rest of them just don't seem to work me.

The command that I am currently using is as below:

sqlplus -s SOME_USERNAME/[email protected]:1500/SOMESID @some.sql

Legend:

SOME_USERNAME: schema/user

SOME_PASSWORD: password

SOMESID: SID for this DB.

@some.sql: An sql file containing insert statements.

Any pointers are much appreciated.

Update: Forgot to mention that this sqlplus command will be used inside a shell script.

2
oraclesqlplus

2 Answers

6
votes

How do I input the password from within a shell script in this case?

You can use a heredoc:

sqlplus -s /nolog <<!EOF
connect SOME_USERNAME/[email protected]:1500/SOMESID
@some.sql
!EOF

The connect and @some.sql are treated as an input stream to SQL*Plus, as if you'd typed them in an interactive session, and are not part of the initial call to the executable - so the connection details don't appear in ps output.

You can also use variables if you want to, incidentally, as the variable expansion happens in the shell before it passes the stream to the executable - so even though SQL*Plus wouldn't understand say $PASSWD, referring to that in the heredoc works and the actual variable value is passed.

3
votes

  • Use sqlplus -s SOME_USERNAME@\"somedns.intra.com:1500/SOMESID\" @some.sql and enter your password on the command line.

  • Or use external authentication and don't use a password at all

  • Finally, SOMESID is not a SID, it's a Service Name. The Easy Connect syntax you use only works with service names. SIDs are very very old-school.