You could try sourcing a different file that contains the password and has some more severe access restrictions (i.e. only allowing read access to you and root).
To accomplish this:
- setUID bit on your oracle/SQLPLUS script to make it run as your user.
- In that script, source your credentials file, i.e. (Bash):
  . /home/your_user/.credentials_Oracle (if you're root, you can also put it in /etc somewhere).
- In that file (rwx for you only), add lines to set a variable like $password or something.
After sourcing the credentials file, you can use $password in your Oracle script.
The catch here is that you'll need setUID bit to make it work, which implies other security hazards.
An alternative would be to use more advanced security features like PAM or SELinux. But I'm no expert in those matters.
Edit:
A few security notes though:
- Don't put setUID on a program owned by root. Use a dedicated user instead if needed.
- Make sure no one has write access on the directory, or any directory above, where the credentials file is located. Preferably, execute permission and/or read permission on any directory leading up to the credentials file should be denied to anybody else but your user (that's why you can put it in a home directory - those usually have limited permissions already).
Last edited by timmeke; 03-08-2006 at 07:19 AM.
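An added example, not part of timmeke's post: a POSIX shell check that refuses to source the credentials file unless the file and the directories above it satisfy the permission notes in the post. It assumes `stat -c` and `readlink -f` are available; the function names and the `STOP_DIR` parameter are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumes `stat -c` and `readlink -f` (GNU coreutils or busybox).

warn() { echo "credentials check: $*" >&2; }

# check_credentials FILE [STOP_DIR]
# Succeeds only if FILE is a regular file owned by the current user with no
# group/other permission bits, and every directory from FILE's directory up
# to STOP_DIR (hypothetical parameter, default /) is owned by the current
# user or root and is not group- or world-writable.
check_credentials() (
    me=$(id -u)
    file=$(readlink -f -- "$1") || { warn "cannot resolve $1"; return 1; }
    stop=$(readlink -f -- "${2:-/}") || { warn "cannot resolve $2"; return 1; }
    [ -f "$file" ] || { warn "$file is not a regular file"; return 1; }
    [ "$(stat -c %u "$file")" -eq "$me" ] ||
        { warn "$file is not owned by uid $me"; return 1; }
    # stat prints the mode in octal; the leading 0 makes the shell parse it so.
    [ $(( 0$(stat -c %a "$file") & 077 )) -eq 0 ] ||
        { warn "$file is accessible to group or others"; return 1; }
    dir=$(dirname "$file")
    while :; do
        owner=$(stat -c %u "$dir")
        [ "$owner" -eq "$me" ] || [ "$owner" -eq 0 ] ||
            { warn "$dir is owned by uid $owner"; return 1; }
        [ $(( 0$(stat -c %a "$dir") & 022 )) -eq 0 ] ||
            { warn "$dir is writable by group or others"; return 1; }
        if [ "$dir" = "$stop" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
)

# load_credentials FILE [STOP_DIR]: source FILE only after the check passes,
# so variables such as $password become available to the calling script.
load_credentials() {
    check_credentials "$@" || return 1
    # Source by resolved absolute path so `.` never searches $PATH.
    . "$(readlink -f -- "$1")"
}

# Usage inside the Oracle wrapper script (path taken from the post):
#   load_credentials /home/your_user/.credentials_Oracle || exit 1
```

Linux ignores the setUID bit on interpreted scripts, so these functions only pass when the calling process already runs as the file's owner.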