How to Avoid Keying in the Password or Saving the Password in a Script File
Are you really concerned about security? Are you unwilling to save the password in a file, or to key it in every time it is required? Then you must read this blog until the end.
Step1> Create directory to hold wallet
$ mkdir -p /u01/dbatst2/admin/wallet/TST1T/
Step2> Enter wallet information in your sqlnet.ora
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /u01/dbatst2/admin/wallet/TST1T/)
    )
  )
SQLNET.WALLET_OVERRIDE = TRUE
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 0
Step3> Create wallet to hold the credentials
$ mkstore -wrl /u01/dbatst2/admin/wallet/TST1T/ -create
Oracle Secret Store Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.
Enter password:********
Enter password again:******
Step4> Store DB credentials in wallet
$ mkstore -wrl /u01/dbatst2/admin/wallet/TST1T/ -createCredential PDB01 test
Oracle Secret Store Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.
Your secret/Password is missing in the command line
Enter your secret/Password:<== enter here database user password
Re-enter your secret/Password:<== Confirm database user password
Enter wallet password:<== enter here wallet password used in Step3 to create the wallet
NOTE: Ensure that the TNS entry PDB01 exists in TNSNAMES.ORA.
Step5> List the Credentials Stored in Wallet
$ mkstore -wrl /u01/dbatst2/admin/wallet/TST1T/ -listCredential
Oracle Secret Store Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:
List credential (index: connect_string username)
1: PDB01 test
Step6> Use the Credentials stored in Wallet in your script etc.
$ sqlplus /@PDB01
SQL*Plus: Release 12.2.0.1.0 Production on Fri Feb 8 13:46:44 2019
Copyright (c) 1982, 2016, Oracle. All rights reserved.
Last Successful login time: Fri Feb 08 2019 13:41:14 +01:00
Connected to:
Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production
SQL> show user;
USER is "TEST"
As you can see, you don't even have to specify the username to connect to the database. You only have to give the TNS alias; the username and password stored for that alias are retrieved from the wallet and the connection is established. Remember, therefore, that you can have only ONE user per TNS alias stored in the wallet.
If the user's credentials change, you can easily update the wallet with the new credentials:
$ mkstore -wrl /u01/dbatst2/admin/wallet/TST1T/ -modifyCredential PDB01 test
Oracle Secret Store Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.
Your secret/Password is missing in the command line
Enter your secret/Password:<== enter here new database user password
Re-enter your secret/Password:<== Confirm here new database user password
Enter wallet password:<== enter here wallet password
NOTE: You can also create the wallet with mkstore and save credentials in it on the client side.
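A preflight check for the setup above, added here as an example (not from the original post or from Oracle): it reads sqlnet.ora, confirms SQLNET.WALLET_OVERRIDE is TRUE, and checks that the wallet directory and the two files mkstore -create writes (ewallet.p12 and the auto-login cwallet.sso) are not accessible to group or other, since sqlplus /@PDB01 opens the wallet without asking for a password. The function name check_wallet_config and the owner-only permission rule are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight check for the wallet configured in the steps above.
# check_wallet_config is a hypothetical helper name, not an Oracle tool.

# Prints one line per problem; the return status is the number of problems.
check_wallet_config() {
    sqlnet_ora=$1
    problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    [ -r "$sqlnet_ora" ] || { echo "FAIL: cannot read $sqlnet_ora"; return 1; }

    # The page sets this to TRUE so that "/@alias" logins use the wallet.
    grep -Eiq '^[[:space:]]*SQLNET\.WALLET_OVERRIDE[[:space:]]*=[[:space:]]*TRUE' \
        "$sqlnet_ora" || fail "SQLNET.WALLET_OVERRIDE is not TRUE"

    # Pull the path out of "(DIRECTORY = ...)" (upper case, as on this page).
    dir=$(sed -n 's/.*(DIRECTORY[[:space:]]*=[[:space:]]*\([^)]*\)).*/\1/p' \
          "$sqlnet_ora" | sed 's/[[:space:]]*$//' | head -n 1)
    if [ -z "$dir" ]; then
        fail "no WALLET_LOCATION DIRECTORY found"
        return "$problems"
    fi
    [ -d "$dir" ] || { fail "wallet directory $dir does not exist"; return "$problems"; }

    # mkstore -create writes the encrypted wallet and its auto-login copy.
    for f in ewallet.p12 cwallet.sso; do
        [ -f "$dir/$f" ] || fail "$dir/$f is missing"
    done

    # Assumption of this example: only the owning OS account may touch the wallet.
    # Characters 5-10 of the ls mode string are the group and other bits.
    for p in "$dir" "$dir/ewallet.p12" "$dir/cwallet.sso"; do
        [ -e "$p" ] || continue
        mode=$(ls -ld "$p" | cut -c5-10)
        [ "$mode" = "------" ] || fail "$p is accessible to group/other ($mode)"
    done

    return "$problems"
}

# Usage: sh check_wallet.sh /path/to/sqlnet.ora
if [ "$#" -gt 0 ]; then
    check_wallet_config "$1"
fi
```
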