views:

40

answers:

1

I have shell script calling Sql*loader utility which inturn uses username/password as arguments. This details cannot be stored on server in any form due to security related policies. i got 2 approaches to handle this situation, 1. create hidden parameter file with login details and limit the access to owner. again the implication is i cannot store login data in any format on server 2. Create the user as OS authenticated and straight away login into sql without any userid/password I am not able to figure out risks involved in 2nd approach which u experienced folks could have come across. let me know if there is any other approach to handle password leakage issue

A: 

If you use windows, you can use DOS variables to store the password. Make two variables, called sqlldr_user and sqlldr_password (or call them sq_jfkd and sq_tral to not make it too obvious what it is). You can do this under System Properties (windows+break)->advanced->environment variables.

In your sqlldr batch file, use %sqlldr_user%/%sqlldr_pass@connectstring, control=my_control

Edo de Roo