Best practices for holding passwords in shell / Perl scripts?

Question

I\'ve recently had to dust off my Perl and shell script skills to help out some colleagues. The colleagues in question have been tasked with providing some reports from an inter

Answer 1

I'm not sure what version of Oracle you are running. On older version of Oracle (pre 9i Advanced Security) some DBA's would CREATE USER OPS$SCOTT IDENTIFIED BY EXTERNALLY and set REMOTE_OS_AUTHENT to true.

This would mean that your remote sun machine could authenticate you as SCOTT and then your Oracle DB would accept that authentication.

This is a bad idea.

As you could image any Windows XP with a local user of SCOTT could then log into your DB without a password.

Unfortunately it's the only option that i know of Oracle 9i DBs to not store username/passwords in your script or somewhere else accessible by the client machine.

What ever your solution it's worthwhile having a look through Oracle's Project Lockdown before committing.