Hiding passwords
So the story goes like this. We're a NT/W2K shop. We have various scripts that run DB related jobs but these are in plain text and we'd like to "hide" these passwords in some way to allow scripts to run but the passwords not be "visible" to potential prying eyes. Has anyone cracked this one yet. I've had a trawl around MetaLink but found nothing of substance. - Seán O' Neill Organon (Ireland) Ltd. [subscribed: digest mode] -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: O'Neill, Sean INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: Hiding passwords
Why not just restrict access to these scripts using file permissions? Oh, if your problem is that everyone can log on to this user under which all of your server processes and scripts run, then forget it, you can't ever achieve what you want if you don't have even basic security. An alternative for using passwords would be using OS authentication. Tanel. - Original Message - To: "Multiple recipients of list ORACLE-L" <[EMAIL PROTECTED]> Sent: Tuesday, September 23, 2003 5:24 PM > So the story goes like this. We're a NT/W2K shop. We have various scripts > that run DB related jobs but these are in plain text and we'd like to "hide" > these passwords in some way to allow scripts to run but the passwords not be > "visible" to potential prying eyes. Has anyone cracked this one yet. I've > had a trawl around MetaLink but found nothing of substance. > > - > Seán O' Neill > Organon (Ireland) Ltd. > [subscribed: digest mode] > > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.net > -- > Author: O'Neill, Sean > INET: [EMAIL PROTECTED] > > Fat City Network Services-- 858-538-5051 http://www.fatcity.com > San Diego, California-- Mailing list and web hosting services > - > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). > -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Tanel Poder INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: Hiding passwords
There is a good discussion in asktom website on this topic. Here is the link : http://asktom.oracle.com/pls/ask/f?p=4950:8:F4950_P8_DISPLAYID:142212348066 Hth. Best Regards, Prasad "O'Neill, Sean" <[EMAIL PROTECTED]To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> non.ie> cc: Sent by: Subject: Hiding passwords [EMAIL PROTECTED] .com 09/23/2003 10:24 AM Please respond to ORACLE-L So the story goes like this. We're a NT/W2K shop. We have various scripts that run DB related jobs but these are in plain text and we'd like to "hide" these passwords in some way to allow scripts to run but the passwords not be "visible" to potential prying eyes. Has anyone cracked this one yet. I've had a trawl around MetaLink but found nothing of substance. - Seán O' Neill Organon (Ireland) Ltd. [subscribed: digest mode] -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: O'Neill, Sean INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: Hiding passwords
You can try creating a password table that stores encrypted passwords, then use a simple procedure that uses the encryption routine in the Obfusication Toolkit to get and set the password. Or you can make the database userid to be identified externally, so no passsword is needed. RWB Reginald W. Bailey IBM Global Services - ETS SW GDSD - Database Management Your Friendly Neighborhood DBA 713-216-7703 (Office) 281-798-5474 (Mobile) 713-415-5410 (Pager) [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] ganon.ie To: [EMAIL PROTECTED] Sent by: cc: [EMAIL PROTECTED] Subject: Hiding passwords ity.com 09/23/2003 09:24 AM Please respond to ORACLE-L So the story goes like this. We're a NT/W2K shop. We have various scripts that run DB related jobs but these are in plain text and we'd like to "hide" these passwords in some way to allow scripts to run but the passwords not be "visible" to potential prying eyes. Has anyone cracked this one yet. I've had a trawl around MetaLink but found nothing of substance. - Seán O' Neill Organon (Ireland) Ltd. [subscribed: digest mode] -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: O'Neill, Sean INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: Hiding passwords
You could set up environment variables and then reference the environment variable in your script. HTH M.[EMAIL PROTECTED] wrote: There is a good discussion in asktom website on this topic.Here is the link :http://asktom.oracle.com/pls/ask/f?p=4950:8:F4950_P8_DISPLAYID:142212348066Hth.Best Regards,Prasad"O'Neill, Sean" <[EMAIL PROTECTED] <[EMAIL PROTECTED] ORACLE-L list of recipients Multiple To:>non.ie> cc: Sent by: Subject: Hiding passwords [EMAIL PROTECTED] .com 09/23/2003 10:24 AM Please respond to ORACLE-L So the story goes like this. We're a NT/W2K shop. We have various scriptsthat run DB related jobs but these are in plain text and we'd like to"hide"these passwords in some way to allow scripts to run but the passwords notbe"visible" to potential prying eyes. Has anyone cracked this one yet. I'vehad a trawl around MetaLink but found nothin! g of substance.-Seán O' NeillOrganon (Ireland) Ltd.[subscribed: digest mode]--Please see the official ORACLE-L FAQ: http://www.orafaq.net--Author: O'Neill, SeanINET: [EMAIL PROTECTED]Fat City Network Services -- 858-538-5051 http://www.fatcity.comSan Diego, California -- Mailing list and web hosting services-To REMOVE yourself from this mailing list, send an E-Mail messageto: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and inthe message BODY, include a line containing: UNSUB ORACLE-L(or the name of mailing list you want to be removed from). You mayalso send the HELP command for other information (like subscribing).-- Please see the official ORACLE-L FAQ: http://www.orafaq.net-- Author: INET: [EMAIL PROTECTED]Fat City Network Service! s -- 858-538-5051 http://www.fatcity.comSan Diego, California -- Mailing list and web hosting services-To REMOVE yourself from this mailing list, send an E-Mail messageto: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and inthe message BODY, include a line containing: UNSUB ORACLE-L(or the name of mailing list you want to be removed from). You mayalso send the HELP command for other information (like subscribing). Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software
RE: Hiding passwords
That is not a problem! Use advanced security and accounts "identified globally". As long as you're able to authenticate the process with RADIUS, Kerberos or something like that, you can work with oracle. -- Mladen Gogala Oracle DBA > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of O'Neill, Sean > Sent: Tuesday, September 23, 2003 10:25 AM > To: Multiple recipients of list ORACLE-L > Subject: Hiding passwords > > > So the story goes like this. We're a NT/W2K shop. We have > various scripts that run DB related jobs but these are in > plain text and we'd like to "hide" these passwords in some > way to allow scripts to run but the passwords not be > "visible" to potential prying eyes. Has anyone cracked this > one yet. I've had a trawl around MetaLink but found nothing > of substance. > > - > Seán O' Neill > Organon (Ireland) Ltd. > [subscribed: digest mode] > > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.net > -- > Author: O'Neill, Sean > INET: [EMAIL PROTECTED] > > Fat City Network Services-- 858-538-5051 http://www.fatcity.com > San Diego, California-- Mailing list and web hosting services > - > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') > and in the message BODY, include a line containing: UNSUB > ORACLE-L (or the name of mailing list you want to be removed > from). You may also send the HELP command for other > information (like subscribing). > Note: This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Wang Trading LLC and any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity. -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Mladen Gogala INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: Hiding passwords
Hello, If you do that in Win2k, then you have more env variables for 'authorized' people to see when they do a SET . Now, to be frank, I have an ulterior (a 'maxed-out' interior or exterior) motive in this reply. I have yet to see an intelligent (never mind elegant) of protecting system variables from someone's view when they do a SET in a DOS session. You can keep them out of Control Panel/System/Advanced/Environmental Variables, but you can't keep them out of DOS, so whaddya do? That's what I want to know. Has anyone confronted this issue and won? Thank you, Paul R. Sherman DBA/Sr. Appl. Analyst Bacou-Dalloz office - 401-232-1200 x200 cell - 401-935-2802 "M.Godlewski" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 09/23/2003 02:15 PM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> cc: Subject: Re: Hiding passwords You could set up environment variables and then reference the environment variable in your script. HTH M. [EMAIL PROTECTED] wrote: There is a good discussion in asktom website on this topic. Here is the link : http://asktom.oracle.com/pls/ask/f?p=4950:8:F4950_P8_DISPLAYID:142212348066 Hth. Best Regards, Prasad "O'Neill, Sean" non.ie> cc: Sent by: Subject: Hiding passwords [EMAIL PROTECTED] .com 09/23/2003 10:24 AM Please respond to ORACLE-L So the story goes like this. We're a NT/W2K shop. We have various scripts that run DB related jobs but these are in plain text and we'd like to "hide" these passwords in some way to allow scripts to run but the passwords not be "visible" to potential prying eyes. Has anyone cracked this one yet. I've had a trawl around MetaLink but found nothing of substance. - Seán O' Neill Organon (Ireland) Ltd. [subscribed: digest mode] -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: O'Neill, Sean INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services - To REMOVEE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software
RE: Hiding passwords
Paul, It's simple really. Do not allow them to log-on to the Win2k server - don't give them an account; keep the passwords secret; and keep the machine in a locked room. Tom Mercadante Oracle Certified Professional -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: Tuesday, September 23, 2003 4:15 PMTo: Multiple recipients of list ORACLE-LSubject: Re: Hiding passwordsHello, If you do that in Win2k, then you have more env variables for 'authorized' people to see when they do a SET . Now, to be frank, I have an ulterior (a 'maxed-out' interior or exterior) motive in this reply. I have yet to see an intelligent (never mind elegant) of protecting system variables from someone's view when they do a SET in a DOS session. You can keep them out of Control Panel/System/Advanced/Environmental Variables, but you can't keep them out of DOS, so whaddya do? That's what I want to know. Has anyone confronted this issue and won? Thank you,Paul R. ShermanDBA/Sr. Appl. AnalystBacou-Dallozoffice - 401-232-1200 x200cell - 401-935-2802 "M.Godlewski" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 09/23/2003 02:15 PM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> cc: Subject: Re: Hiding passwordsYou could set up environment variables and then reference the environment variable in your script. HTH M.[EMAIL PROTECTED] wrote: There is a good discussion in asktom website on this topic.Here is the link :http://asktom.oracle.com/pls/ask/f?p=4950:8:F4950_P8_DISPLAYID:142212348066Hth.Best Regards,Prasad"O'Neill, Sean" non.ie> cc: Sent by: Subject: Hiding passwords [EMAIL PROTECTED] .com 09/23/2003 10:24 AM Please respond to ORACLE-L So the story goes like this. We're a NT/W2K shop. We have various scriptsthat run DB related jobs but these are in plain text and we'd like to"hide"these passwords in some way to allow scripts to run but the passwords notbe"visible" to potential prying eyes. Has anyone cracked this one yet. I'vehad a trawl around MetaLink but found nothing of substance.-Seán O' NeillOrganon (Ireland) Ltd.[subscribed: digest mode]--Please see the official ORACLE-L FAQ: http://www.orafaq.net--Author: O'Neill, SeanINET: [EMAIL PROTECTED]Fat City Network Services -- 858-538-5051 http://www.fatcity.comSan Diego, California -- Mailing list and web hosting services-To REMOVE yourself from this mailing list, send an E-Mail messageto: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and inthe message BODY, include a line containing: UNSUB ORACLE-L(or the name of mailing list you want to be removed from). You mayalso send the HELP command for other information (like subscribing).-- Please see the official ORACLE-L FAQ: http://www.orafaq.net-- Author: INET: [EMAIL PROTECTED]Fat City Network Services -- 858-538-5051 http://www.fatcity.comSan Diego, California -- Mailing list and web hosting services-To REMOVEE yourself from this mailing list, send an E-Mail messageto: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and inthe message BODY, include a line containing: UNSUB ORACLE-L(or the name of mailing list you want to be removed from). You mayalso send the HELP command for other information (like subscribing). Do you Yahoo!?Yahoo! SiteBuilder - Free, easy-to-use web site design software
RE: Hiding passwords
Tom, As Dave Barry would say, Har! Unfortunately, we are talking about 3rd-party people who have the 'right' to log in for support (debugging their ^%(^#@ products, and installing updates). I've got them under local admin accounts (as opposed to domain accounts), so they can only get to their own servers. BUT... that's as far as I can go to secure things except at the folder level (and Oracle loves it (!) when you try and do folder security on the datafiles, controlfiles, etc.). I appreciate the thought, but you did not go far enough... Kill them all, and save on security hardware. Any workable ideas? Desperately yours, Paul R. Sherman DBA/Sr. Appl. Analyst Bacou-Dalloz office - 401-232-1200 x200 cell - 401-935-2802 "Mercadante, Thomas F" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 09/23/2003 04:24 PM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> cc: Subject: RE: Hiding passwords Paul, It's simple really. Do not allow them to log-on to the Win2k server - don't give them an account; keep the passwords secret; and keep the machine in a locked room. Tom Mercadante Oracle Certified Professional -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 23, 2003 4:15 PM To: Multiple recipients of list ORACLE-L Subject: Re: Hiding passwords Hello, If you do that in Win2k, then you have more env variables for 'authorized' people to see when they do a SET . Now, to be frank, I have an ulterior (a 'maxed-out' interior or exterior) motive in this reply. I have yet to see an intelligent (never mind elegant) of protecting system variables from someone's view when they do a SET in a DOS session. You can keep them out of Control Panel/System/Advanced/Environmental Variables, but you can't keep them out of DOS, so whaddya do? That's what I want to know. Has anyone confronted this issue and won? Thank you, Paul R. Sherman DBA/Sr. Appl. Analyst Bacou-Dalloz office - 401-232-1200 x200 cell - 401-935-2802 "M.Godlewski" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 09/23/2003 02:15 PM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> cc: Subject: Re: Hiding passwords You could set up environment variables and then reference the environment variable in your script. HTH M. [EMAIL PROTECTED] wrote: There is a good discussion in asktom website on this topic. Here is the link : http://asktom.oracle.com/pls/ask/f?p=4950:8:F4950_P8_DISPLAYID:142212348066 Hth. Best Regards, Prasad "O'Neill, Sean" non.ie> cc: Sent by: Subject: Hiding passwords [EMAIL PROTECTED] .com 09/23/2003 10:24 AM Please respond to ORACLE-L So the story goes like this. We're a NT/W2K shop. We have various scripts that run DB related jobs but these are in plain text and we'd like to "hide" these passwords in some way to allow scripts to run but the passwords not be "visible" to potential prying eyes. Has anyone cracked this one yet. I've had a trawl around MetaLink but found nothing of substance. - Seán O' Neill Organon (Ireland) Ltd. [subscribed: digest mode] -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: O'Neill, Sean INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services - To REMOVEE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software
RE: Hiding passwords
Paul, Any chance these scripts could be run from Cygwin, Uwin, MKS Toolkit, or anything that will let you use a korn shell? That would simplify things tremendously. One of the problems with Windohs is that you cannot execute a script or program so that it can return a value to a local environment variable. That ability would make this task simple from command.com. Another possibility is to put your passwords in the registry, restrict that portion of the registry, ( or the whole thing ), and use a Perl script to retrieve the passwords and kick off the other jobs. What I do in linux is use a password server ( as seen in "Perl for Oracle DBA's") and retrieve the password across the network, encrypted of course. This works on windows as well, though you're there restricted to doing this strictly from within the Perl script. Jared [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 09/23/2003 01:49 PM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> cc: Subject: RE: Hiding passwords Tom, As Dave Barry would say, Har! Unfortunately, we are talking about 3rd-party people who have the 'right' to log in for support (debugging their ^%(^#@ products, and installing updates). I've got them under local admin accounts (as opposed to domain accounts), so they can only get to their own servers. BUT... that's as far as I can go to secure things except at the folder level (and Oracle loves it (!) when you try and do folder security on the datafiles, controlfiles, etc.). I appreciate the thought, but you did not go far enough... Kill them all, and save on security hardware. Any workable ideas? Desperately yours, Paul R. Sherman DBA/Sr. Appl. Analyst Bacou-Dalloz office - 401-232-1200 x200 cell - 401-935-2802 "Mercadante, Thomas F" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 09/23/2003 04:24 PM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> cc: Subject: RE: Hiding passwords Paul, It's simple really. Do not allow them to log-on to the Win2k server - don't give them an account; keep the passwords secret; and keep the machine in a locked room. Tom Mercadante Oracle Certified Professional -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 23, 2003 4:15 PM To: Multiple recipients of list ORACLE-L Subject: Re: Hiding passwords Hello, If you do that in Win2k, then you have more env variables for 'authorized' people to see when they do a SET . Now, to be frank, I have an ulterior (a 'maxed-out' interior or exterior) motive in this reply. I have yet to see an intelligent (never mind elegant) of protecting system variables from someone's view when they do a SET in a DOS session. You can keep them out of Control Panel/System/Advanced/Environmental Variables, but you can't keep them out of DOS, so whaddya do? That's what I want to know. Has anyone confronted this issue and won? Thank you, Paul R. Sherman DBA/Sr. Appl. Analyst Bacou-Dalloz office - 401-232-1200 x200 cell - 401-935-2802 "M.Godlewski" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 09/23/2003 02:15 PM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> cc: Subject: Re: Hiding passwords You could set up environment variables and then reference the environment variable in your script. HTH M. [EMAIL PROTECTED] wrote: There is a good discussion in asktom website on this topic. Here is the link : http://asktom.oracle.com/pls/ask/f?p=4950:8:F4950_P8_DISPLAYID:142212348066 Hth. Best Regards, Prasad "O'Neill, Sean" non.ie> cc: Sent by: Subject: Hiding passwords [EMAIL PROTECTED] .com 09/23/2003 10:24 AM Please respond to ORACLE-L So the story goes like this. We're a NT/W2K shop. We have various scripts that run DB related jobs but these are in plain text and we'd like to "hide" these passwords in some way to allow scripts to run but the passwords not be "visible" to potential prying eyes. Has anyone cracked this one yet. I've had a trawl around MetaLink but found nothing of substance. - Seán O' Neill Organon (Ireland) Ltd. [subscribed: digest mode] -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: O'Neill, Sean INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail messag
RE: Hiding passwords
I don't quite get that. Why can't you set a local environment variable from a script? If you could, where do you propose to get the value that you want to put into an environment variable? At 01:59 PM 9/23/2003 -0800, you wrote: Paul, Any chance these scripts could be run from Cygwin, Uwin, MKS Toolkit, or anything that will let you use a korn shell? That would simplify things tremendously. One of the problems with Windohs is that you cannot execute a script or program so that it can return a value to a local environment variable. That ability would make this task simple from command.com. Another possibility is to put your passwords in the registry, restrict that portion of the registry, ( or the whole thing ), and use a Perl script to retrieve the passwords and kick off the other jobs. What I do in linux is use a password server ( as seen in "Perl for Oracle DBA's") and retrieve the password across the network, encrypted of course. This works on windows as well, though you're there restricted to doing this strictly from within the Perl script. Jared Wolfgang Breitling Oracle7, 8, 8i, 9i OCP DBA Centrex Consulting Corporation http://www.centrexcc.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Wolfgang Breitling INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Hiding passwords
there is no command.com equivalent for this: MY_PASSWORD=$(pwc.pl -instance dv01 -username scott) Simple in ksh, impossible in un-enhanced Windohs. That previous bit is something I use in several cron jobs for retrieving passwords, as well as command line logins to several databases as many different users. To do this in Windohs, you must embed the entire job in Perl. HTH Jared Wolfgang Breitling <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 09/23/2003 03:29 PM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> cc: Subject: RE: Hiding passwords I don't quite get that. Why can't you set a local environment variable from a script? If you could, where do you propose to get the value that you want to put into an environment variable? At 01:59 PM 9/23/2003 -0800, you wrote: >Paul, > >Any chance these scripts could be run from Cygwin, Uwin, MKS Toolkit, >or anything that will let you use a korn shell? > >That would simplify things tremendously. > >One of the problems with Windohs is that you cannot execute a script >or program so that it can return a value to a local environment variable. > >That ability would make this task simple from command.com. > >Another possibility is to put your passwords in the registry, restrict that >portion of the registry, ( or the whole thing ), and use a Perl script to >retrieve >the passwords and kick off the other jobs. > >What I do in linux is use a password server ( as seen in "Perl for Oracle >DBA's") >and retrieve the password across the network, encrypted of course. > >This works on windows as well, though you're there restricted to doing this >strictly from within the Perl script. > >Jared Wolfgang Breitling Oracle7, 8, 8i, 9i OCP DBA Centrex Consulting Corporation http://www.centrexcc.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Wolfgang Breitling INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Hiding passwords
Identified globally is if you are using LDAP. Identified externally is for external authentication without LDAP. Kerberos authentication also requires the advanced security option or whatever they are calling it. If you have been successful, Mladen, whose KDC and krb5 software are you using; what is the version of that software. Ian MacGregor Stanford Linear Accelerator Center [EMAIL PROTECTED] -Original Message- Sent: Tuesday, September 23, 2003 7:45 AM To: Multiple recipients of list ORACLE-L That is not a problem! Use advanced security and accounts "identified globally". As long as you're able to authenticate the process with RADIUS, Kerberos or something like that, you can work with oracle. -- Mladen Gogala Oracle DBA > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of O'Neill, Sean > Sent: Tuesday, September 23, 2003 10:25 AM > To: Multiple recipients of list ORACLE-L > Subject: Hiding passwords > > > So the story goes like this. We're a NT/W2K shop. We have > various scripts that run DB related jobs but these are in > plain text and we'd like to "hide" these passwords in some > way to allow scripts to run but the passwords not be > "visible" to potential prying eyes. Has anyone cracked this > one yet. I've had a trawl around MetaLink but found nothing > of substance. > > - > Seán O' Neill > Organon (Ireland) Ltd. > [subscribed: digest mode] > > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.net > -- > Author: O'Neill, Sean > INET: [EMAIL PROTECTED] > > Fat City Network Services-- 858-538-5051 http://www.fatcity.com > San Diego, California-- Mailing list and web hosting services > - > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') > and in the message BODY, include a line containing: UNSUB > ORACLE-L (or the name of mailing list you want to be removed > from). You may also send the HELP command for other > information (like subscribing). > Note: This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Wang Trading LLC and any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity. -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Mladen Gogala INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: MacGregor, Ian A. INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Hiding passwords
Jared, Not saying this is elegant or does the same thing yet but couldn't you do something like this: " C:\Temp>copy con: pwd.txt orcl tiger !my Orcl instance ^Z 1 file(s) copied. C:\Temp>type pwd.txt orcl tiger !my Orcl instance C:\Temp>get_pwd Instance is [orcl] pwd is [tiger] C:\Temp> C:\Temp>type get_pwd.bat @ECHO OFF FOR /F "tokens=1-2 delims= eol=!" %%i IN (pwd.txt) DO call :get_pwd %%i %%j GOTO :end :get_pwd (SET theinst=%1) (SET thepwd=%2) ECHO Instance is [%theinst%] ECHO pwd is [%thepwd%] :end (SET theinst=) (SET thepwd=) C:\Temp> " Enhance the batch to take some parameters and enhance get_pwd subroutine to search for that which matches the parameters. Anyway hope this is of use to some. Regards, Bruce Reardon -Original Message- Sent: Wednesday, 24 September 2003 9:45 AM there is no command.com equivalent for this: MY_PASSWORD=$(pwc.pl -instance dv01 -username scott) Simple in ksh, impossible in un-enhanced Windohs. That previous bit is something I use in several cron jobs for retrieving passwords, as well as command line logins to several databases as many different users. To do this in Windohs, you must embed the entire job in Perl. HTH Jared -- Wolfgang Breitling <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 09/23/2003 03:29 PM I don't quite get that. Why can't you set a local environment variable from a script? If you could, where do you propose to get the value that you want to put into an environment variable? At 01:59 PM 9/23/2003 -0800, you wrote: >Paul, > >Any chance these scripts could be run from Cygwin, Uwin, MKS Toolkit, >or anything that will let you use a korn shell? > >That would simplify things tremendously. > >One of the problems with Windohs is that you cannot execute a script >or program so that it can return a value to a local environment variable. > >That ability would make this task simple from command.com. > >Another possibility is to put your passwords in the registry, restrict that >portion of the registry, ( or the whole thing ), and use a Perl script to >retrieve >the passwords and kick off the other jobs. > >What I do in linux is use a password server ( as seen in "Perl for Oracle >DBA's") >and retrieve the password across the network, encrypted of course. > >This works on windows as well, though you're there restricted to doing this >strictly from within the Perl script. > >Jared Wolfgang Breitling Oracle7, 8, 8i, 9i OCP DBA Centrex Consulting Corporation http://www.centrexcc.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Reardon, Bruce (CALBBAY) INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Hiding passwords
How about:
setlocal & pushd
@echo off
call oraenv stats
@for /f %%I in ('pwc.pl') do (
set MY_PASSWORD=%%I
)
@sqlplus scott/%MY_PASSWORD% @test.sql
popd & endlocal
I don't have the password server configured, so my pwc.pl simply is
hardcoded to return tiger:
#!c:\perl\bin\perl.exe -w
print "tiger";
and test.sql is just "select user from dual;"
C:\tmp>test
C:\tmp>setlocal & pushd
Environment variable oracle_home not defined
SQL*Plus: Release 8.1.7.0.0 - Production on Tue Sep 23 18:32:24 2003
(c) Copyright 2000 Oracle Corporation. All rights reserved.
Connected to:
Oracle8i Enterprise Edition Release 8.1.7.4.1 - Production
With the Partitioning option
JServer Release 8.1.7.4.1 - Production
scott September 23, 2003
define "&" (hex 26)
USER
--
SCOTT
1 row selected.
Disconnected from Oracle8i Enterprise Edition Release 8.1.7.4.1 - Production
With the Partitioning option
JServer Release 8.1.7.4.1 - Production
C:\tmp>
granted, it is not quite as elegant as "MY_PASSWORD=$(pwc.pl ..." but it
gets the job done.
And it does not work in Windows (95/98) Dos, but in NT and W2K, which you
need to run Oracle server anyways.
At 03:44 PM 9/23/2003 -0800, you wrote:
there is no command.com equivalent for this: MY_PASSWORD=$(pwc.pl
-instance dv01 -username scott)
Simple in ksh, impossible in un-enhanced Windohs.
That previous bit is something I use in several cron jobs for retrieving
passwords,
as well as command line logins to several databases as many different users.
To do this in Windohs, you must embed the entire job in Perl.
HTH
Jared
Wolfgang Breitling <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
09/23/2003 03:29 PM
Please respond to ORACLE-L
To:Multiple recipients of list ORACLE-L
<[EMAIL PROTECTED]>
cc:
Subject:RE: Hiding passwords
I don't quite get that. Why can't you set a local environment variable from
a script? If you could, where do you propose to get the value that you want
to put into an environment variable?
At 01:59 PM 9/23/2003 -0800, you wrote:
>Paul,
>
>Any chance these scripts could be run from Cygwin, Uwin, MKS Toolkit,
>or anything that will let you use a korn shell?
>
>That would simplify things tremendously.
>
>One of the problems with Windohs is that you cannot execute a script
>or program so that it can return a value to a local environment variable.
>
>That ability would make this task simple from command.com.
>
>Another possibility is to put your passwords in the registry, restrict that
>portion of the registry, ( or the whole thing ), and use a Perl script to
>retrieve
>the passwords and kick off the other jobs.
>
>What I do in linux is use a password server ( as seen in "Perl for Oracle
>DBA's")
>and retrieve the password across the network, encrypted of course.
>
>This works on windows as well, though you're there restricted to doing this
>strictly from within the Perl script.
>
>Jared
Wolfgang Breitling
Oracle7, 8, 8i, 9i OCP DBA
Centrex Consulting Corporation
http://www.centrexcc.com
Wolfgang Breitling
Oracle7, 8, 8i, 9i OCP DBA
Centrex Consulting Corporation
http://www.centrexcc.com
--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Wolfgang Breitling
INET: [EMAIL PROTECTED]
Fat City Network Services-- 858-538-5051 http://www.fatcity.com
San Diego, California-- Mailing list and web hosting services
-
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
RE: Hiding passwords
passwordsYou could set up environment variables and then reference the environment variable in your script. HTH M.[EMAIL PROTECTED] wrote: There is a good discussion in asktom website on this topic.Here is the link :http://asktom.oracle.com/pls/ask/f?p=4950:8:F4950_P8_DISPLAYID:142212348066Hth.Best Regards,Prasad"O'Neill, Sean" non.ie> cc: Sent by: Subject: Hiding passwords [EMAIL PROTECTED] .com 09/23/2003 10:24 AM Please respond to ORACLE-L So the story goes like this. We're a NT/W2K shop. We have various scriptsthat run DB related jobs but these are in plain text and we'd like to"hide"these passwords in some way to allow scripts to run but the passwords notbe"visible" to potential prying eyes. Has anyone cracked this one yet. I'vehad a trawl around MetaLink but found nothing of substance.-Seán O' NeillOrganon (Ireland) Ltd.[subscribed: digest mode]--Please see the official ORACLE-L FAQ: http://www.orafaq.net--Author: O'Neill, SeanINET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.comSan Diego, California -- Mailing list and web hosting services-To REMOVE yourself from this mailing list, send an E-Mail messageto: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and inthe message BODY, include a line containing: UNSUB ORACLE-L(or the name of mailing list you want to be removed from). You mayalso send the HELP command for other information (like subscribing).-- Please see the official ORACLE-L FAQ: http://www.orafaq.net-- Author: INET: [EMAIL PROTECTED]Fat City Network Services -- 858-538-5051 http://www.fatcity.comSan Diego, California -- Mailing list and web hosting services-To REMOVEE yourself from this mailing list, send an E-Mail messageto: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and inthe message BODY, include a line containing: UNSUB ORACLE-L(or the name of mailing list you want to be removed from). You mayalso send the HELP command for other information (like subscribing). Do you Yahoo!?Yahoo! SiteBuilder - Free, easy-to-use web site design software
RE: Hiding passwords
In Windows2000 you can encrypt a file... Not sure how well that would work though, since if you install your software as local administrator (not good practice) then anyone else who logs in as administrator would be able to see / run the file too... Patrice. -Original Message-From: Mercadante, Thomas F [mailto:[EMAIL PROTECTED]Sent: Wednesday, September 24, 2003 9:55 AMTo: Multiple recipients of list ORACLE-LSubject: RE: Hiding passwords Jared, You said: "One of the problems with Windohs is that you cannot execute a script or program so that it can return a value to a local environment variable." This is true. But to accomplish the same functionality, you can dynamically create a temporary .bat file that creates the environmental and then execute that bat file. Unfortunately on Windows, anything that you do can be repeated by someone else who logs onto the system. I guess you could secure a folder that only the Oracle account could see, and have these scripts placed in those folders so that the other users cannot get into them without rebooting the machine and bringing it up in DOS mode. That (I think) would prevent snooping. Not sure though. Tom Mercadante Oracle Certified Professional -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: Tuesday, September 23, 2003 6:00 PMTo: Multiple recipients of list ORACLE-LSubject: RE: Hiding passwordsPaul, Any chance these scripts could be run from Cygwin, Uwin, MKS Toolkit, or anything that will let you use a korn shell? That would simplify things tremendously. One of the problems with Windohs is that you cannot execute a script or program so that it can return a value to a local environment variable. That ability would make this task simple from command.com. Another possibility is to put your passwords in the registry, restrict that portion of the registry, ( or the whole thing ), and use a Perl script to retrieve the passwords and kick off the other jobs. What I do in linux is use a password server ( as seen in "Perl for Oracle DBA's") and retrieve the password across the network, encrypted of course. This works on windows as well, though you're there restricted to doing this strictly from within the Perl script. Jared [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 09/23/2003 01:49 PM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> cc: Subject: RE: Hiding passwordsTom, As Dave Barry would say, Har! Unfortunately, we are talking about 3rd-party people who have the 'right' to log in for support (debugging their ^%(^#@ products, and installing updates). I've got them under local admin accounts (as opposed to domain accounts), so they can only get to their own servers. BUT... that's as far as I can go to secure things except at the folder level (and Oracle loves it (!) when you try and do folder security on the datafiles, controlfiles, etc.). I appreciate the thought, but you did not go far enough... Kill them all, and save on security hardware. Any workable ideas? Desperately yours,Paul R. ShermanDBA/Sr. Appl. AnalystBacou-Dallozoffice - 401-232-1200 x200cell - 401-935-2802 "Mercadante, Thomas F" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 09/23/2003 04:24 PM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> cc: Subject: RE: Hiding passwordsPaul, It's simple really. Do not allow them to log-on to the Win2k server - don't give them an account; keep the passwords secret; and keep the machine in a locked room. Tom Mercadante Oracle Certified Professional -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: Tuesday, September 23, 2003 4:15 PMTo: Multiple recipients of list ORACLE-LSubject: Re: Hiding passwordsHello, If you do that in Win2k, then you have more env variables for 'authorized' people to see when they do a SET . Now, to be frank, I have an ulterior (a 'maxed-out' interior or exterior) motive in this reply. I have yet to see an intelligent (never mind elegant) of protecting system variables from someone's view when they do a SET in a DOS session. You can keep them out of Control Panel/System/Advanced/Enviro
Re: Hiding passwords
- Original Message - >In Windows2000 you can encrypt a file... Not sure how well that would work >though, since if you install your software as local administrator (not good >practice) then anyone else who logs in as administrator would be able to see >/ run the file too... Here is a little known trick of NTFS file systems. It's called "data streams". D:\>del file.txt D:\>echo Some stuff > file.txt D:\>echo and its password >file.txt:pwd D:\>dir Volume in drive D is OS Volume Serial Number is A4BA-68F3 Directory of D:\ 24/09/2003 11:19p 13 file.txt (note the file size!) D:\>type file.txt Some stuff D:\>type file.txt:pwd The filename, directory name, or volume label syntax is incorrect. D:\>more I'm sure there are some interesting uses to be explored here to hide Oracle passwords! ;) Note: the hidden data stream name can be ANY filename string and is subject to security. This was used initially in NTFS to support the Mac resource fork file format in file servers. It is still there and won't go away any time soon as IIS uses it. MS Knowledge base article 105763 discusses this in detail. You can also search google for some details. Use "alternate data streams". Careful: this is used by some virus writers!!! Cheers Nuno Souto [EMAIL PROTECTED] -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Nuno Souto INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Hiding passwords
Yes, I could to that, but I won't. I really don' like writing passwords out to a temp file. Jared "Mercadante, Thomas F" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 09/24/2003 05:54 AM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> cc: Subject: RE: Hiding passwords Jared, You said: "One of the problems with Windohs is that you cannot execute a script or program so that it can return a value to a local environment variable." This is true. But to accomplish the same functionality, you can dynamically create a temporary .bat file that creates the environmental and then execute that bat file. Unfortunately on Windows, anything that you do can be repeated by someone else who logs onto the system. I guess you could secure a folder that only the Oracle account could see, and have these scripts placed in those folders so that the other users cannot get into them without rebooting the machine and bringing it up in DOS mode. That (I think) would prevent snooping. Not sure though. Tom Mercadante Oracle Certified Professional -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 23, 2003 6:00 PM To: Multiple recipients of list ORACLE-L Subject: RE: Hiding passwords Paul, Any chance these scripts could be run from Cygwin, Uwin, MKS Toolkit, or anything that will let you use a korn shell? That would simplify things tremendously. One of the problems with Windohs is that you cannot execute a script or program so that it can return a value to a local environment variable. That ability would make this task simple from command.com. Another possibility is to put your passwords in the registry, restrict that portion of the registry, ( or the whole thing ), and use a Perl script to retrieve the passwords and kick off the other jobs. What I do in linux is use a password server ( as seen in "Perl for Oracle DBA's") and retrieve the password across the network, encrypted of course. This works on windows as well, though you're there restricted to doing this strictly from within the Perl script. Jared [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 09/23/2003 01:49 PM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> cc: Subject: RE: Hiding passwords Tom, As Dave Barry would say, Har! Unfortunately, we are talking about 3rd-party people who have the 'right' to log in for support (debugging their ^%(^#@ products, and installing updates). I've got them under local admin accounts (as opposed to domain accounts), so they can only get to their own servers. BUT... that's as far as I can go to secure things except at the folder level (and Oracle loves it (!) when you try and do folder security on the datafiles, controlfiles, etc.). I appreciate the thought, but you did not go far enough... Kill them all, and save on security hardware. Any workable ideas? Desperately yours, Paul R. Sherman DBA/Sr. Appl. Analyst Bacou-Dalloz office - 401-232-1200 x200 cell - 401-935-2802 "Mercadante, Thomas F" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 09/23/2003 04:24 PM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> cc: Subject: RE: Hiding passwords Paul, It's simple really. Do not allow them to log-on to the Win2k server - don't give them an account; keep the passwords secret; and keep the machine in a locked room. Tom Mercadante Oracle Certified Professional -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 23, 2003 4:15 PM To: Multiple recipients of list ORACLE-L Subject: Re: Hiding passwords Hello, If you do that in Win2k, then you have more env variables for 'authorized' people to see when they do a SET . Now, to be frank, I have an ulterior (a 'maxed-out' interior or exterior) motive in this reply. I have yet to see an intelligent (never mind elegant) of protecting system variables from someone's view when they do a SET in a DOS session. You can keep them out of Control Panel/System/Advanced/Environmental Variables, but you can't keep them out of DOS, so whaddya do? That's what I want to know. Has anyone confronted this issue and won? Thank you, Paul R. Sherman DBA/Sr. Appl. Analyst Bacou-Dalloz office - 401-232-1200 x200 cell - 401-935-2802 "M.Godlewski" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 09/23/2003 02:15 PM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> cc: Subject:
RE: Hiding passwords
Yes, I could do that, but I won't. It's fraught with security problems. "Reardon, Bruce (CALBBAY)" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 09/23/2003 06:14 PM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> cc: Subject: RE: Hiding passwords Jared, Not saying this is elegant or does the same thing yet but couldn't you do something like this: " C:\Temp>copy con: pwd.txt orcl tiger !my Orcl instance ^Z 1 file(s) copied. C:\Temp>type pwd.txt orcl tiger !my Orcl instance C:\Temp>get_pwd Instance is [orcl] pwd is [tiger] C:\Temp> C:\Temp>type get_pwd.bat @ECHO OFF FOR /F "tokens=1-2 delims= eol=!" %%i IN (pwd.txt) DO call :get_pwd %%i %%j GOTO :end :get_pwd (SET theinst=%1) (SET thepwd=%2) ECHO Instance is [%theinst%] ECHO pwd is [%thepwd%] :end (SET theinst=) (SET thepwd=) C:\Temp> " Enhance the batch to take some parameters and enhance get_pwd subroutine to search for that which matches the parameters. Anyway hope this is of use to some. Regards, Bruce Reardon -Original Message- Sent: Wednesday, 24 September 2003 9:45 AM there is no command.com equivalent for this: MY_PASSWORD=$(pwc.pl -instance dv01 -username scott) Simple in ksh, impossible in un-enhanced Windohs. That previous bit is something I use in several cron jobs for retrieving passwords, as well as command line logins to several databases as many different users. To do this in Windohs, you must embed the entire job in Perl. HTH Jared -- Wolfgang Breitling <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 09/23/2003 03:29 PM I don't quite get that. Why can't you set a local environment variable from a script? If you could, where do you propose to get the value that you want to put into an environment variable? At 01:59 PM 9/23/2003 -0800, you wrote: >Paul, > >Any chance these scripts could be run from Cygwin, Uwin, MKS Toolkit, >or anything that will let you use a korn shell? > >That would simplify things tremendously. > >One of the problems with Windohs is that you cannot execute a script >or program so that it can return a value to a local environment variable. > >That ability would make this task simple from command.com. > >Another possibility is to put your passwords in the registry, restrict that >portion of the registry, ( or the whole thing ), and use a Perl script to >retrieve >the passwords and kick off the other jobs. > >What I do in linux is use a password server ( as seen in "Perl for Oracle >DBA's") >and retrieve the password across the network, encrypted of course. > >This works on windows as well, though you're there restricted to doing this >strictly from within the Perl script. > >Jared Wolfgang Breitling Oracle7, 8, 8i, 9i OCP DBA Centrex Consulting Corporation http://www.centrexcc.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Reardon, Bruce (CALBBAY) INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: Hiding passwords
Thanks, this bears investigating. "Nuno Souto" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 09/24/2003 07:29 AM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> cc: Subject: Re: Hiding passwords - Original Message - >In Windows2000 you can encrypt a file... Not sure how well that would work >though, since if you install your software as local administrator (not good >practice) then anyone else who logs in as administrator would be able to see >/ run the file too... Here is a little known trick of NTFS file systems. It's called "data streams". D:\>del file.txt D:\>echo Some stuff > file.txt D:\>echo and its password >file.txt:pwd D:\>dir Volume in drive D is OS Volume Serial Number is A4BA-68F3 Directory of D:\ 24/09/2003 11:19p 13 file.txt (note the file size!) D:\>type file.txt Some stuff D:\>type file.txt:pwd The filename, directory name, or volume label syntax is incorrect. D:\>more and its password D:\> I'm sure there are some interesting uses to be explored here to hide Oracle passwords! ;) Note: the hidden data stream name can be ANY filename string and is subject to security. This was used initially in NTFS to support the Mac resource fork file format in file servers. It is still there and won't go away any time soon as IIS uses it. MS Knowledge base article 105763 discusses this in detail. You can also search google for some details. Use "alternate data streams". Careful: this is used by some virus writers!!! Cheers Nuno Souto [EMAIL PROTECTED] -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Nuno Souto INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Hiding passwords
Apparently my Windoze Command scripting skills are woefully inadequate.
The past several years have been ksh heavy and windoze shell poor, not
that I regret this in any way. :)
Thanks Wolfgang, I'll have to play with this.
Jared
Wolfgang Breitling <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
09/23/2003 06:44 PM
Please respond to ORACLE-L
To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
cc:
Subject: RE: Hiding passwords
How about:
setlocal & pushd
@echo off
call oraenv stats
@for /f %%I in ('pwc.pl') do (
set MY_PASSWORD=%%I
)
@sqlplus scott/%MY_PASSWORD% @test.sql
popd & endlocal
I don't have the password server configured, so my pwc.pl simply is
hardcoded to return tiger:
#!c:\perl\bin\perl.exe -w
print "tiger";
and test.sql is just "select user from dual;"
C:\tmp>test
C:\tmp>setlocal & pushd
Environment variable oracle_home not defined
SQL*Plus: Release 8.1.7.0.0 - Production on Tue Sep 23 18:32:24 2003
(c) Copyright 2000 Oracle Corporation. All rights reserved.
Connected to:
Oracle8i Enterprise Edition Release 8.1.7.4.1 - Production
With the Partitioning option
JServer Release 8.1.7.4.1 - Production
scott September 23, 2003
define "&" (hex 26)
USER
--
SCOTT
1 row selected.
Disconnected from Oracle8i Enterprise Edition Release 8.1.7.4.1 - Production
With the Partitioning option
JServer Release 8.1.7.4.1 - Production
C:\tmp>
granted, it is not quite as elegant as "MY_PASSWORD=$(pwc.pl ..." but it
gets the job done.
And it does not work in Windows (95/98) Dos, but in NT and W2K, which you
need to run Oracle server anyways.
At 03:44 PM 9/23/2003 -0800, you wrote:
>there is no command.com equivalent for this: MY_PASSWORD=$(pwc.pl
>-instance dv01 -username scott)
>
>Simple in ksh, impossible in un-enhanced Windohs.
>
>That previous bit is something I use in several cron jobs for retrieving
>passwords,
>as well as command line logins to several databases as many different users.
>
>To do this in Windohs, you must embed the entire job in Perl.
>
>HTH
>
>Jared
>
>
>
>
>
>Wolfgang Breitling <[EMAIL PROTECTED]>
>Sent by: [EMAIL PROTECTED]
>
> 09/23/2003 03:29 PM
> Please respond to ORACLE-L
>
> To: Multiple recipients of list ORACLE-L
> <[EMAIL PROTECTED]>
> cc:
> Subject: RE: Hiding passwords
>
>
>I don't quite get that. Why can't you set a local environment variable from
>a script? If you could, where do you propose to get the value that you want
>to put into an environment variable?
>
>At 01:59 PM 9/23/2003 -0800, you wrote:
>
> >Paul,
> >
> >Any chance these scripts could be run from Cygwin, Uwin, MKS Toolkit,
> >or anything that will let you use a korn shell?
> >
> >That would simplify things tremendously.
> >
> >One of the problems with Windohs is that you cannot execute a script
> >or program so that it can return a value to a local environment variable.
> >
> >That ability would make this task simple from command.com.
> >
> >Another possibility is to put your passwords in the registry, restrict that
> >portion of the registry, ( or the whole thing ), and use a Perl script to
> >retrieve
> >the passwords and kick off the other jobs.
> >
> >What I do in linux is use a password server ( as seen in "Perl for Oracle
> >DBA's")
> >and retrieve the password across the network, encrypted of course.
> >
> >This works on windows as well, though you're there restricted to doing this
> >strictly from within the Perl script.
> >
> >Jared
>
>Wolfgang Breitling
>Oracle7, 8, 8i, 9i OCP DBA
>Centrex Consulting Corporation
>http://www.centrexcc.com
Wolfgang Breitling
Oracle7, 8, 8i, 9i OCP DBA
Centrex Consulting Corporation
http://www.centrexcc.com
--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Wolfgang Breitling
INET: [EMAIL PROTECTED]
Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
-
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
Re: Hiding passwords
In ntfs you can set permissions on a file . But that wouldn't stop a member of the adminstrator group. What you need to do is to aditionally encrypt the file or folder as well. Then no one else can even list the contents of the folder, not even another administrator. In xp its as easy as right clicking the file/folder , select properties , advanced, 'encrypt contents to secure data'. Now every time you need access just double click the file/folder. Decryption is allowed only for you and occurs on the fly and transparently. But make sure you backup your certificates just in case the system crashes and you have to reinstall. You can then import your certificates and decrypt this folder. - Original Message - To: "Multiple recipients of list ORACLE-L" <[EMAIL PROTECTED]> Sent: Wednesday, September 24, 2003 18:49 In Windows2000 you can encrypt a file... Not sure how well that would work though, since if you install your software as local administrator (not good practice) then anyone else who logs in as administrator would be able to see / run the file too... Patrice. -Original Message- Sent: Wednesday, September 24, 2003 9:55 AM To: Multiple recipients of list ORACLE-L Jared, You said: "One of the problems with Windohs is that you cannot execute a script or program so that it can return a value to a local environment variable." This is true. But to accomplish the same functionality, you can dynamically create a temporary .bat file that creates the environmental and then execute that bat file. Unfortunately on Windows, anything that you do can be repeated by someone else who logs onto the system. I guess you could secure a folder that only the Oracle account could see, and have these scripts placed in those folders so that the other users cannot get into them without rebooting the machine and bringing it up in DOS mode. That (I think) would prevent snooping. Not sure though. Tom Mercadante Oracle Certified Professional -Original Message- Sent: Tuesday, September 23, 2003 6:00 PM To: Multiple recipients of list ORACLE-L Paul, Any chance these scripts could be run from Cygwin, Uwin, MKS Toolkit, or anything that will let you use a korn shell? That would simplify things tremendously. One of the problems with Windohs is that you cannot execute a script or program so that it can return a value to a local environment variable. That ability would make this task simple from command.com. Another possibility is to put your passwords in the registry, restrict that portion of the registry, ( or the whole thing ), and use a Perl script to retrieve the passwords and kick off the other jobs. What I do in linux is use a password server ( as seen in "Perl for Oracle DBA's") and retrieve the password across the network, encrypted of course. This works on windows as well, though you're there restricted to doing this strictly from within the Perl script. Jared [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 09/23/2003 01:49 PM Please respond to ORACLE-L To:Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> cc: Subject:RE: Hiding passwords Tom, As Dave Barry would say, Har! Unfortunately, we are talking about 3rd-party people who have the 'right' to log in for support (debugging their ^%(^#@ products, and installing updates). I've got them under local admin accounts (as opposed to domain accounts), so they can only get to their own servers. BUT... that's as far as I can go to secure things except at the folder level (and Oracle loves it (!) when you try and do folder security on the datafiles, controlfiles, etc.). I appreciate the thought, but you did not go far enough... Kill them all, and save on security hardware. Any workable ideas? Desperately yours, Paul R. Sherman DBA/Sr. Appl. Analyst Bacou-Dalloz office - 401-232-1200 x200 cell- 401-935-2802 "Mercadante, Thomas F" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 09/23/2003 04:24 PM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> cc: Subject:RE: Hiding passwords Paul, It's simple really. Do not allow them to log-on to the Win2k server - don't give them an account; keep the passwords secret; and keep the machine in a locked room. Tom Mercadante Oracle Certified Professional -Original Message- Sent: Tuesday, September 23, 2003 4:15 PM To: Multiple recipients of list ORACLE-L Hello, If you do that in Win2k, then you have more env variables for 'authorized' people to see when they do a SET . Now, to be frank, I have an ulterior (a 'maxed-out' interior or exterior) motive in this reply. I have yet to see an intelligent (never mind elegant) of protecting system variables from someone's view when they do a SET
Re: Hiding passwords
Sorry, forgot this: 1- You need a "Pro" product for this: XP Pro, W2K Pro, NT4WS. Won't run in XP or W2K vanilla, the NTFS there has been "dumbed down". 2- In XP Pro, apparently you need a "$" in front of the data stream name. In the others, any word will do. In the others, a "$" in front will also work. So, use "$" for portability. 3- Not all commands can see these data streams. Perl should, but I never tried. Source patch? Cheers Nuno Souto [EMAIL PROTECTED] - Original Message - > Thanks, this bears investigating. > > Here is a little known trick of NTFS file systems. > It's called "data streams". > -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Nuno Souto INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Hiding passwords
That's very interesting... Thank you. Do you know how that can be set in an env variable? Or how the hidden variable can be passed around? Eg C:\ads>set var=set var=more echo is on ??? Thanks Bob >In Windows2000 you can encrypt a file... Not sure how well that would work >though, since if you install your software as local administrator (not good >practice) then anyone else who logs in as administrator would be able to see >/ run the file too... Here is a little known trick of NTFS file systems. It's called "data streams". D:\>del file.txt D:\>echo Some stuff > file.txt D:\>echo and its password >file.txt:pwd D:\>dir Volume in drive D is OS Volume Serial Number is A4BA-68F3 Directory of D:\ 24/09/2003 11:19p 13 file.txt (note the file size!) D:\>type file.txt Some stuff D:\>type file.txt:pwd The filename, directory name, or volume label syntax is incorrect. D:\>more I'm sure there are some interesting uses to be explored here to hide Oracle passwords! ;) Note: the hidden data stream name can be ANY filename string and is subject to security. This was used initially in NTFS to support the Mac resource fork file format in file servers. It is still there and won't go away any time soon as IIS uses it. MS Knowledge base article 105763 discusses this in detail. You can also search google for some details. Use "alternate data streams". Careful: this is used by some virus writers!!! Cheers Nuno Souto [EMAIL PROTECTED] -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Nuno Souto INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Bob Metelsky INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
hiding passwords on NT
We have a NT client program written in VB that uses a single user to connect to the database. The application does not prompt for a user or password. The user and password that is used for connection to the database is passed to the client program as parameters in t he application shortcut. We would like to hide this user and password somewhere, rather than have it in the shortcut. Any advice on the best way to do this? OS authentication is not an option. John -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: John Dunn INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: RE: Hiding passwords
> Bob Metelsky <[EMAIL PROTECTED]> wrote: > That's very interesting... Thank you. Do you know how that can be set > in > an env variable? Or how the hidden variable can be passed around? > Eg > C:\ads>set var= Or > C:\ads>set var=more Echo %var% > C:\ads> echo is on > ??? This works in XP Pro, dunno about older versions: Y:\>echo password >file.txt:pwd Y:\>type file.txt Y:\>more more zot.txt Y:\>type zot.txt password Y:\>for /F "usebackq" %i in (`type zot.txt`) do @set zot=%i ^^ Y:\>set yaddayaddayadda... windir=C:\WINDOWS ZOT=password Y:>del zot.txt Assuming you do this within "setlocal", you should be fine. HTH Cheers Nuno Souto [EMAIL PROTECTED] -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Nuno Pinto do Souto INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: hiding passwords on NT
You should be able to add an entry in the client's ODBC settings for uid and pwd. It's been a long time since I worked with this stuff...I would search the M$ web site to be sure, but I think that you can just create two new strings under the ODBC connection key and the app will not prompt you. List , any help with this one? Thanks, Frank Pettinato Oracle DBA -Original Message- Robert D SSgt AFIT/SCA Sent: Friday, April 06, 2001 8:01 AM To: Multiple recipients of list ORACLE-L Is this VB app something that is developed internally within your organization? Or is it a third party tool that you have no control over? The reason I ask is because if it is something that you have access to the source code for, it seems to me that you could just as easily hard-code the username/password into the source code of the application, in which case when it is compiled, it will be compiled into the binary .exe which you would never be able to get into (without decompiling/reverse-engineering it that is). That's what I would do. -::YEX::- <)))>< -Original Message- Sent: Friday, 06 April, 2001 7:41 AM To: Multiple recipients of list ORACLE-L We have a NT client program written in VB that uses a single user to connect to the database. The application does not prompt for a user or password. The user and password that is used for connection to the database is passed to the client program as parameters in t he application shortcut. We would like to hide this user and password somewhere, rather than have it in the shortcut. Any advice on the best way to do this? OS authentication is not an option. John -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: John Dunn INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Yexley Robert D SSgt AFIT/SCA INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Frank N. Pettinato INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: hiding passwords on NT
Thanks for the replies on this...but we do not want to code the user and password into the application...we want to held it externally...but securely John > -Original Message- > From: Frank N. Pettinato [SMTP:[EMAIL PROTECTED]] > Sent: 06 April 2001 16:54 > To: Multiple recipients of list ORACLE-L > Subject: RE: hiding passwords on NT > > You should be able to add an entry in the client's ODBC settings for uid > and > pwd. It's been a long time since I worked with this stuff...I would search > the M$ web site to be sure, but I think that you can just create two new > strings under the ODBC connection key and the app will not prompt you. > > List , any help with this one? > > Thanks, > Frank Pettinato > Oracle DBA > > > > -Original Message- > Robert D SSgt AFIT/SCA > Sent: Friday, April 06, 2001 8:01 AM > To: Multiple recipients of list ORACLE-L > > > Is this VB app something that is developed internally within your > organization? Or is it a third party tool that you have no control over? > The reason I ask is because if it is something that you have access to the > source code for, it seems to me that you could just as easily hard-code > the > username/password into the source code of the application, in which case > when it is compiled, it will be compiled into the binary .exe which you > would never be able to get into (without decompiling/reverse-engineering > it > that is). That's what I would do. > > -::YEX::- > <)))>< > > -Original Message- > Sent: Friday, 06 April, 2001 7:41 AM > To: Multiple recipients of list ORACLE-L > > > We have a NT client program written in VB that uses a single user to > connect > to the database. The application does not prompt for a user or password. > The > user and password that is used for connection to the database is passed to > the client program as parameters in t he application shortcut. > > We would like to hide this user and password somewhere, rather than have > it > in the shortcut. > > Any advice on the best way to do this? > > OS authentication is not an option. > > John > > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: John Dunn > INET: [EMAIL PROTECTED] > > Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 > San Diego, California-- Public Internet access / Mailing Lists > > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: Yexley Robert D SSgt AFIT/SCA > INET: [EMAIL PROTECTED] > > Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 > San Diego, California-- Public Internet access / Mailing Lists > > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). > > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: Frank N. Pettinato > INET: [EMAIL PROTECTED] > > Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 > San Diego, California-- Public Internet access / Mailing Lists > > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: John Dunn INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: hiding passwords on NT
How about store it in a configuration file or registry and store it encrypted. Let the application read from the file or registry. Richard -Original Message- Sent: Friday, April 06, 2001 1:01 PM To: Multiple recipients of list ORACLE-L Thanks for the replies on this...but we do not want to code the user and password into the application...we want to held it externally...but securely John > -Original Message- > From: Frank N. Pettinato [SMTP:[EMAIL PROTECTED]] > Sent: 06 April 2001 16:54 > To: Multiple recipients of list ORACLE-L > Subject: RE: hiding passwords on NT > > You should be able to add an entry in the client's ODBC settings for uid > and > pwd. It's been a long time since I worked with this stuff...I would search > the M$ web site to be sure, but I think that you can just create two new > strings under the ODBC connection key and the app will not prompt you. > > List , any help with this one? > > Thanks, > Frank Pettinato > Oracle DBA > > > > -Original Message- > Robert D SSgt AFIT/SCA > Sent: Friday, April 06, 2001 8:01 AM > To: Multiple recipients of list ORACLE-L > > > Is this VB app something that is developed internally within your > organization? Or is it a third party tool that you have no control over? > The reason I ask is because if it is something that you have access to the > source code for, it seems to me that you could just as easily hard-code > the > username/password into the source code of the application, in which case > when it is compiled, it will be compiled into the binary .exe which you > would never be able to get into (without decompiling/reverse-engineering > it > that is). That's what I would do. > > -::YEX::- > <)))>< > > -Original Message- > Sent: Friday, 06 April, 2001 7:41 AM > To: Multiple recipients of list ORACLE-L > > > We have a NT client program written in VB that uses a single user to > connect > to the database. The application does not prompt for a user or password. > The > user and password that is used for connection to the database is passed to > the client program as parameters in t he application shortcut. > > We would like to hide this user and password somewhere, rather than have > it > in the shortcut. > > Any advice on the best way to do this? > > OS authentication is not an option. > > John > > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: John Dunn > INET: [EMAIL PROTECTED] > > Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 > San Diego, California-- Public Internet access / Mailing Lists > > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: Yexley Robert D SSgt AFIT/SCA > INET: [EMAIL PROTECTED] > > Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 > San Diego, California-- Public Internet access / Mailing Lists > > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). > > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: Frank N. Pettinato > INET: [EMAIL PROTECTED] > > Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 > San Diego, California-- Public Internet access / Mailing Lists > > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: John Dunn INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet
RE: hiding passwords on NT
Is this VB app something that is developed internally within your organization? Or is it a third party tool that you have no control over? The reason I ask is because if it is something that you have access to the source code for, it seems to me that you could just as easily hard-code the username/password into the source code of the application, in which case when it is compiled, it will be compiled into the binary .exe which you would never be able to get into (without decompiling/reverse-engineering it that is). That's what I would do. -::YEX::- <)))>< -Original Message- Sent: Friday, 06 April, 2001 7:41 AM To: Multiple recipients of list ORACLE-L We have a NT client program written in VB that uses a single user to connect to the database. The application does not prompt for a user or password. The user and password that is used for connection to the database is passed to the client program as parameters in t he application shortcut. We would like to hide this user and password somewhere, rather than have it in the shortcut. Any advice on the best way to do this? OS authentication is not an option. John -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: John Dunn INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Yexley Robert D SSgt AFIT/SCA INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
