dbTalk Databases Forums  

SQL Loader and password on the command line.

Go Back dbTalk Databases Forums Databases comp.databases.oracle.misc SQL Loader and password on the command line.

comp.databases.oracle.misc comp.databases.oracle.misc


Discuss SQL Loader and password on the command line. in the comp.databases.oracle.misc forum.



Reply
 
Thread Tools Display Modes
  #1  
Old   
Brian Tkatch
 
Posts: n/a

Default SQL Loader and password on the command line. - 10-29-2007 , 09:54 AM





We seem to have bumped into a common issue, and that is that we need
to automate the loading of a few thousand files nightly.

EXTERNAL TABLEs seem not to be the answer, as the files are on other
servers. Both copying the files to the DB server and using an NFS
mount are not allowed by policy.

So, we are to use sqlldr. However, sqlldr expects a username/password.
Passing it on the command line is viewable via ps, which leaves the
PARFILE option, but that has it written to disk while unencrypted.

Creating a named pipe does not seem to help for the PARFILE:

Quote:
mknod a.par p
echo user/pass>a.par &
[1] 17097
sqlldr parfile=a.par control=a
Username:

SQL*Loader: Release 9.2.0.4.0 - Production on Mon Oct 29 11:47:53 2007

Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.

SQL*Loader-128: unable to begin a session
ORA-01017: invalid username/password; logon denied
[1]+ Done echo user/pass >a.par

When prompted for a username i hit CTL-C and ENTER.

There does not seem to be any environment variable for username or
password, and putting it in TWO_TASK does not help.

Is there a way to pass a password to SQL Loader without having it
exposed on the command line or unencrypted on disk?

B.


Reply With Quote
  #2  
Old   
gazzag
 
Posts: n/a

Default Re: SQL Loader and password on the command line. - 10-29-2007 , 11:03 AM





On 29 Oct, 15:54, Brian Tkatch <N/A> wrote:
Quote:
We seem to have bumped into a common issue, and that is that we need
to automate the loading of a few thousand files nightly.

EXTERNAL TABLEs seem not to be the answer, as the files are on other
servers. Both copying the files to the DB server and using an NFS
mount are not allowed by policy.

So, we are to use sqlldr. However, sqlldr expects a username/password.
Passing it on the command line is viewable via ps, which leaves the
PARFILE option, but that has it written to disk while unencrypted.

Creating a named pipe does not seem to help for the PARFILE:

mknod a.par p
echo user/pass>a.par &
[1] 17097
sqlldr parfile=a.par control=a

Username:

SQL*Loader: Release 9.2.0.4.0 - Production on Mon Oct 29 11:47:53 2007

Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.

SQL*Loader-128: unable to begin a session
ORA-01017: invalid username/password; logon denied
[1]+ Done echo user/pass >a.par

When prompted for a username i hit CTL-C and ENTER.

There does not seem to be any environment variable for username or
password, and putting it in TWO_TASK does not help.

Is there a way to pass a password to SQL Loader without having it
exposed on the command line or unencrypted on disk?

B.
I would consider creating an "IDENTIFIED EXTERNALLY" OPS$ account.

HTH

-g



Reply With Quote
  #3  
Old   
Ken Denny
 
Posts: n/a

Default Re: SQL Loader and password on the command line. - 10-29-2007 , 11:05 AM


On Oct 29, 11:54 am, Brian Tkatch <N/A> wrote:
Quote:
We seem to have bumped into a common issue, and that is that we need
to automate the loading of a few thousand files nightly.

EXTERNAL TABLEs seem not to be the answer, as the files are on other
servers. Both copying the files to the DB server and using an NFS
mount are not allowed by policy.

So, we are to use sqlldr. However, sqlldr expects a username/password.
Passing it on the command line is viewable via ps, which leaves the
PARFILE option, but that has it written to disk while unencrypted.

Creating a named pipe does not seem to help for the PARFILE:

mknod a.par p
echo user/pass>a.par &
[1] 17097
sqlldr parfile=a.par control=a

Username:

SQL*Loader: Release 9.2.0.4.0 - Production on Mon Oct 29 11:47:53 2007

Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.

SQL*Loader-128: unable to begin a session
ORA-01017: invalid username/password; logon denied
[1]+ Done echo user/pass >a.par

When prompted for a username i hit CTL-C and ENTER.

There does not seem to be any environment variable for username or
password, and putting it in TWO_TASK does not help.

Is there a way to pass a password to SQL Loader without having it
exposed on the command line or unencrypted on disk?

B.
Here's how to do if from a korn shell script

sqlldr CONTROL=${DATA}/ctl_file.ctl DATA=$DATA/$INFILE LOG=$LOGS/
$LOGFILE <<_STOP_
$USERID
_STOP_



Reply With Quote
  #4  
Old   
Brian Tkatch
 
Posts: n/a

Default Re: SQL Loader and password on the command line. - 10-29-2007 , 11:46 AM


On Mon, 29 Oct 2007 10:05:36 -0700, Ken Denny <ken (AT) kendenny (DOT) com>
wrote:

Quote:
On Oct 29, 11:54 am, Brian Tkatch <N/A> wrote:
We seem to have bumped into a common issue, and that is that we need
to automate the loading of a few thousand files nightly.

EXTERNAL TABLEs seem not to be the answer, as the files are on other
servers. Both copying the files to the DB server and using an NFS
mount are not allowed by policy.

So, we are to use sqlldr. However, sqlldr expects a username/password.
Passing it on the command line is viewable via ps, which leaves the
PARFILE option, but that has it written to disk while unencrypted.

Creating a named pipe does not seem to help for the PARFILE:

mknod a.par p
echo user/pass>a.par &
[1] 17097
sqlldr parfile=a.par control=a

Username:

SQL*Loader: Release 9.2.0.4.0 - Production on Mon Oct 29 11:47:53 2007

Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.

SQL*Loader-128: unable to begin a session
ORA-01017: invalid username/password; logon denied
[1]+ Done echo user/pass >a.par

When prompted for a username i hit CTL-C and ENTER.

There does not seem to be any environment variable for username or
password, and putting it in TWO_TASK does not help.

Is there a way to pass a password to SQL Loader without having it
exposed on the command line or unencrypted on disk?

B.

Here's how to do if from a korn shell script

sqlldr CONTROL=${DATA}/ctl_file.ctl DATA=$DATA/$INFILE LOG=$LOGS/
$LOGFILE <<_STOP_
$USERID
_STOP_
Good idea! Using an environment variable and storing a variable to
disk definitely works.

Thanx!

That should secure it from everyone but root.

B.


Reply With Quote
  #5  
Old   
Brian Tkatch
 
Posts: n/a

Default Re: SQL Loader and password on the command line. - 10-29-2007 , 11:46 AM


On Mon, 29 Oct 2007 10:03:04 -0700, gazzag <gareth (AT) jamms (DOT) org> wrote:

Quote:
On 29 Oct, 15:54, Brian Tkatch <N/A> wrote:
We seem to have bumped into a common issue, and that is that we need
to automate the loading of a few thousand files nightly.

EXTERNAL TABLEs seem not to be the answer, as the files are on other
servers. Both copying the files to the DB server and using an NFS
mount are not allowed by policy.

So, we are to use sqlldr. However, sqlldr expects a username/password.
Passing it on the command line is viewable via ps, which leaves the
PARFILE option, but that has it written to disk while unencrypted.

Creating a named pipe does not seem to help for the PARFILE:

mknod a.par p
echo user/pass>a.par &
[1] 17097
sqlldr parfile=a.par control=a

Username:

SQL*Loader: Release 9.2.0.4.0 - Production on Mon Oct 29 11:47:53 2007

Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.

SQL*Loader-128: unable to begin a session
ORA-01017: invalid username/password; logon denied
[1]+ Done echo user/pass >a.par

When prompted for a username i hit CTL-C and ENTER.

There does not seem to be any environment variable for username or
password, and putting it in TWO_TASK does not help.

Is there a way to pass a password to SQL Loader without having it
exposed on the command line or unencrypted on disk?

B.

I would consider creating an "IDENTIFIED EXTERNALLY" OPS$ account.

HTH

-g
Interesting idea, but we'd never get them to allow that here.

B.


Reply With Quote
  #6  
Old   
gazzag
 
Posts: n/a

Default Re: SQL Loader and password on the command line. - 10-31-2007 , 04:36 AM


On 29 Oct, 17:46, Brian Tkatch <N/A> wrote:
Quote:
Interesting idea, but we'd never get them to allow that here.


B.

Why not? It's as secure as you're operating system. It's not like
you're in a Windows platform or anything




Reply With Quote
  #7  
Old   
Brian Tkatch
 
Posts: n/a

Default Re: SQL Loader and password on the command line. - 10-31-2007 , 08:50 AM


On Wed, 31 Oct 2007 03:36:44 -0700, gazzag <gareth (AT) jamms (DOT) org> wrote:

Quote:
On 29 Oct, 17:46, Brian Tkatch <N/A> wrote:
Interesting idea, but we'd never get them to allow that here.


B.

Why not? It's as secure as you're operating system. It's not like
you're in a Windows platform or anything

Heh. While that is true, the policies for the Un*x boxen are quite
strict as well.

B.


Reply With Quote
Reply

« Previous Thread | Next Thread »



Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Powered by vBulletin Version 3.5.3
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.


Contact Us - dbTalk Databases Forums - Archive - Top