On 01/16/2004 01:34:45 PM, Tanel Poder wrote:
> Few ideas:
> 
> 1) sqlplus /nolog
>    connect user/[EMAIL PROTECTED]

This requires putting ASCII (non-encrypted) password in the SQL script.
Not very safe.

> 
> 2) . $HOME/.orapwd
>    sqlplus user/[EMAIL PROTECTED]

This will actually show password because shell will interpret the ORAPWD
variable before passing the arguments to fork/exec combination. Password
will be clearly visible by "ps -ef".

> 
> (.orapwd script has to set environment variable ORAPWD to the password)
> 
> 3) sqlplus [EMAIL PROTECTED] < $HOME/.orapwd
> 
> (.orapwd must contain one line, the password)

This is semi-decent because password is still in an ASCII file, but
hidden. Root (SA) can still read it. If that's acceptable, it's OK,
provided that the protection mask is set properly.


I would add 
4) CREATE USER OPS$MLADEN identified externally - that uses OS authorization
   and can be easily cracked by root (su -)
5) Oracle advanced security. That is the best answer, supporting Radius, Kerberos and 
   biometrics, but costs $$$$$$.

I would use 4, despite Oracle's claims that this type of authorization is "discouraged"
or "deprecated". So is RBO and yet it lives on. That is only a marketing pitch.

--
Mladen Gogala
Oracle DBA
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Mladen Gogala
  INET: [EMAIL PROTECTED]
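
Added example (not part of the original message or of any Oracle tooling): option 3 from the thread, with the "protection mask" condition checked before the password file is fed to the client on standard input, so the password never appears in the argument list that "ps -ef" shows. The function names and the ORA_CONNECT variable are assumptions made for this example.

```shell
#!/bin/sh
# pwfile_is_private FILE
# Succeeds only if FILE is a regular file (not a symlink), owned by the
# calling user, with no permission bits set for group or other.
pwfile_is_private() {
    f=$1
    # -O: file exists and is owned by the effective uid
    [ -O "$f" ] || return 1
    # ls -ld prints e.g. "-rw-------"; the first character must be "-"
    # (regular file) and characters 5-10 (group/other) must all be "-".
    case $(ls -ld -- "$f" 2>/dev/null) in
        -???------*) return 0 ;;
    esac
    return 1
}

# run_with_pwfile FILE COMMAND [ARGS...]
# Runs COMMAND with FILE on standard input. The password is read by the
# client itself, so it is never an argument and never an environment
# variable expanded by the shell onto the command line (option 2's flaw).
# Returns 2 without running anything if FILE is readable by others.
run_with_pwfile() {
    pwfile=$1
    shift
    if ! pwfile_is_private "$pwfile"; then
        echo "refusing to use $pwfile: must be a regular file you own, mode 600 or stricter" >&2
        return 2
    fi
    "$@" < "$pwfile"
}

# Usage (ORA_CONNECT is a hypothetical variable holding the user and
# connect identifier WITHOUT a password):
#   run_with_pwfile "$HOME/.orapwd" sqlplus "$ORA_CONNECT"
```

As the reply notes, root can still read the file; the check only keeps other ordinary users out.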