Is a Windows Server OS 2003/2008.
The problem - a shell scripts (*.BAT/*.CMD files) sometimes contains a string like this:
db2 connect MyDbName user MyDbUsername using MyDbPassword
We need to hide any such "security-sensitive" information from scripts.
Is not allowed to store password in a clear-text in scripts.
Please note: we already have a TXMON.INI file which contains encrypted password. And I can program a simple tool which can decode that password but...
... the question is - how exactly to feed the "DB2 connect ..." command line with a decrypted password
On UNIX/Linix I know - there is an ability to substitute a part of command line with StdOut from some application (using apostrophe char). So, on Linux it could sounds like this (this example command is not related to db2, is just to show an approach - instead of command enclosed in `` Linux shell inserts StdOut of a command inside a ``):
tar cvf - `find ./ -name ?akefile 2>/dev/null` | gzip -9c > backup.tar.gz
But I do not know - how to do it on Windows? Is it possible at all?
If yes - how exactly? If not - what other options we may have to solve this?
Note: is not ok to use PowerShell. Is only ok to use standard Windows CMD. Or even better to say - is only ok to use DB2CMD (which is a kind of wrapper over Windows CMD).
Note: is not ok to enforce user to enter password anytime script is running. Because in most cases scripts should run automatically without human assistance.
Note: is not ok to use ""db2 connect ..." command without credentials(!). Because a logged user credentials are not always match a correct database account. But however scripts should still works fine in such cases.