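Problem description:
A batch file logs in to the database with SQLPLUS, and the login includes the username and password. At present the password is recorded in the batch file in plaintext. From a security standpoint, this does not protect the database login password.
Solution:
Create a system variable and store the plaintext password as its value. Then reference that variable in the batch file, for example: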
sqlplus testSchema@testConnectIdentifier/%testPassword% @"C:\testFolder\testControlFile.ctl"
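Here, testPassword is a system variable created in Windows. In a batch file, a pair of percent signs (%%) is used to reference the value of an environment variable.
References (from the SQLPLUS Reference Guide):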
Program Argument Security
Some operating systems allow any user to see what programs are being run. If the display also shows command-line arguments, it may be possible to view the usernames and passwords of other SQL*Plus users.
For example, on many UNIX or Linux systems the ps command shows program arguments. To stop passwords being displayed depends on how you use SQL*Plus.
■ To run SQL*Plus interactively, always wait for SQL*Plus to prompt for connection information, particularly your password.
■ To run a batch SQL script from a UNIX shell script, set environment variables MYUSERNAME and MYPASSWORD to the appropriate values. Run a shell script containing:
sqlplus /nolog <<EOF
connect $MYUSERNAME/$MYPASSWORD
select ...
EOF
■ To run a batch SQL script, hard code the username and password as the first line of the SQL script. Then call the script with:
sqlplus @myscript.sql
When SQL*Plus is started like this, it uses the first line of the script as the username/password@connection_identifier string.
Avoid storing your username and password in files or scripts. If you do store your username and password in a file or script, ensure that the file or script is secured from non-authorized access.
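The batch line above has cmd expand %testPassword% before sqlplus starts, so the password still becomes one of the program arguments that the reference warns about. The following added example (not from the original post or from Oracle) goes beyond the batch file with a small Python wrapper that does what the UNIX here-document does: it starts sqlplus with /nolog and sends the connect line over standard input. It assumes Python is available and reuses the page's names testSchema, testConnectIdentifier, testPassword and the script path; the function and constant names are hypothetical.

```python
import os
import subprocess

# Names below are the ones used in the page's batch line.
SCHEMA = "testSchema"
CONNECT_ID = "testConnectIdentifier"
SCRIPT = r"C:\testFolder\testControlFile.ctl"
PASSWORD_VAR = "testPassword"

# No credentials here: /nolog starts SQL*Plus without logging in, -S hides banners.
SQLPLUS_ARGV = ["sqlplus", "-S", "/nolog"]


def build_stdin(password, schema=SCHEMA, connect_id=CONNECT_ID, script=SCRIPT):
    """Return the commands SQL*Plus reads from standard input."""
    if not password:
        raise ValueError(f"{PASSWORD_VAR} is empty or not set")
    # A double quote or line break would end the CONNECT line early, and the
    # remainder of the value would be read as further SQL*Plus commands.
    if any(ch in password for ch in '"\r\n'):
        raise ValueError("password contains a double quote or a line break")
    lines = [
        "whenever sqlerror exit failure",  # non-zero exit code on a SQL error
        # Quoted so that '@' or '/' inside the password is not taken as a separator.
        f'connect {schema}/"{password}"@{connect_id}',
        f'@"{script}"',
        "exit",
    ]
    return "\n".join(lines) + "\n"


def run(environ=os.environ):
    """Run the script; the password travels over the stdin pipe only."""
    commands = build_stdin(environ.get(PASSWORD_VAR, ""))
    done = subprocess.run(SQLPLUS_ARGV, input=commands, text=True)
    return done.returncode


if __name__ == "__main__":
    raise SystemExit(run())
```

Called from the batch file in place of the sqlplus line, the wrapper exits with SQL*Plus's return code, so the batch file can still test ERRORLEVEL.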