When connecting to SQL*Plus, username and password may be displayed in the list of active processes:
For example, if you connect:
$ sqlplus user/password@sid then a list of processes will show username and password $ ps -ef | grep sql jdoe 5652 4963 0 10:11 pts/0 00:00:00 sqlplus user/password@sid jdoe 5667 5632 0 10:13 pts/1 00:00:00 grep sql
How to protect user credentials when connecting to the database interactively or through a shell script? |
$ sqlplus /nolog @connect.sql -- and store user credentials in the connect.sql file
(b) If you need the user to enter his or hers credentials, you can use:
#!/bin/bash echo "Enter username : " read login echo "Enter password: " read -s password sid=${ORACLE_SID} sqlplus -s /nolog << EOF connect ${login}/${password}@${sid} ... your sql code here... quit EOF(c) alternatively, you can read the password from a protected file:
-- Create password file and change file permissions so that no one besides the owner has access $ cat passowd > mypwdfile $ chmod 700 mypwdfile -- Create the script.. #!/bin/bash user= user_name pass=`cat mypwdfile` sqlplus -s ${user}/${pass} << EOF ... perform sqlplus statements EOF