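Debugging notes: using a system variable instead of a plaintext password in a batch file to improve security

Problem description:

A batch file logs in to the database with SQLPLUS, and the command includes the username and password. At present the password is recorded in the batch file in plaintext. From a security standpoint, this does nothing to protect the database login password.

Solution:

Create a system variable and store the plaintext password as its value. Then reference that variable in the batch file, for example: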

sqlplus testSchema@testConnectIdentifier/%testPassword% @"C:\testFolder\testControlFile.ctl"

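Here testPassword is a system variable created in Windows. In a batch file, a pair of percent signs (%%) around the variable name references the value of the environment variable.

Reference (from the SQLPLUS Reference Guide):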

Program Argument Security
Some operating systems allow any user to see what programs are being run. If the display also shows command-line arguments, it may be possible to view the usernames and passwords of other SQL*Plus users.
For example, on many UNIX or Linux systems the ps command shows program arguments. To stop passwords being displayed depends on how you use SQL*Plus.
■ To run SQL*Plus interactively, always wait for SQL*Plus to prompt for connection information, particularly your password.
■ To run a batch SQL script from a UNIX shell script, set environment variables MYUSERNAME and MYPASSWORD to the appropriate values. Run a shell script containing:
sqlplus /nolog <<EOF
connect $MYUSERNAME/$MYPASSWORD
select ...
EOF
■ To run a batch SQL script, hard code the username and password as the first line of the SQL script. Then call the script with:
sqlplus @myscript.sql
When SQL*Plus is started like this, it uses the first line of the script as the username/password@connection_identifier string.
Avoid storing your username and password in files or scripts. If you do store your username and password in a file or script, ensure that the file or script is secured from non-authorized access.
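An added check, not part of the original post or of Oracle's guide: cmd.exe expands %testPassword% before it starts sqlplus, so the value still lands in the program arguments that the quoted section describes. The Python sketch below scans batch-file text and reports sqlplus lines whose logon string carries a password, either literal or expanded from a variable. The names classify, scan and SAMPLE are hypothetical, the sample lines are constructed, and Easy Connect identifiers containing "/" are not handled.

```python
import re

SQLPLUS = re.compile(r'\bsqlplus(?:\.exe)?"?\s+(.*)', re.I)
VARIABLE = re.compile(r'%[^%\s]+%|![^!\s]+!')   # %var% or !var! expansion

def classify(line):
    """Return 'literal', 'variable' or None for one batch-file line."""
    stripped = line.strip()
    if stripped.lower().startswith(('rem ', '::')):
        return None                      # batch comment
    m = SQLPLUS.search(stripped)
    if not m:
        return None
    for token in m.group(1).split():
        if re.fullmatch(r'-\w+', token):
            continue                     # option such as -S or -L
        if token.startswith('@') or token.lower() == '/nolog' or '/' not in token:
            return None                  # script file, /nolog, or username only
        head, _, rest = token.partition('/')
        # user/password@id : the password is the part before '@'
        # user@id/password : the form used on this page, password follows '/'
        secret = rest if '@' in head else rest.split('@', 1)[0]
        if not secret:
            return None
        return 'variable' if VARIABLE.search(secret) else 'literal'
    return None

def scan(text):
    """Return (line number, kind) for every line that passes a password in argv."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        kind = classify(line)
        if kind:
            findings.append((number, kind))
    return findings

# Constructed sample batch file (assumption: not taken from a real system).
SAMPLE = r"""@echo off
rem sqlplus scott/tiger@orcl
sqlplus testSchema/Constructed-Pw1@testConnectIdentifier @"C:\testFolder\testControlFile.ctl"
sqlplus testSchema@testConnectIdentifier/%testPassword% @"C:\testFolder\testControlFile.ctl"
sqlplus -S /nolog @"C:\testFolder\connect_then_run.sql"
sqlplus @myscript.sql
"""

if __name__ == "__main__":
    for number, kind in scan(SAMPLE):
        print(f"line {number}: password on the sqlplus command line ({kind})")
```

Lines reported as "variable" keep the password out of the batch file but not out of the process arguments; the /nolog and @myscript.sql forms from the guide are not reported.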
