?
Solved

oracle passwords in configuration files

Posted on 2014-02-14
5
Medium Priority
?
553 Views
Last Modified: 2014-02-18
albeit not a DBA or developer myself, reading some security articles, it is not uncommon to find oracle DB passwords plain text within files on a servers file system. What kind of files would contain such passwords, are they those relating to the application? Do they need to be plain text or can they be protected by any other means?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 8

Assisted Solution

by:Surrano
Surrano earned 668 total points
ID: 39858584
I find this question too generic.
Oracle surely doesn't store its own passwords in plain text files; at least not since 10g.
Where apps store the passwords they need has nothing to do with Oracle. Some examples from our projects:
- some scripts store encrypted user/password pairs in a config file.
- Services running in JBoss AS access a self-developed "password safe" that contains encrypted account info not only for Oracle but all various kinds of secure identification, e.g. external systems etc.
- We have an admin user that performs changes in Oracle RDBMS if needed by a software update but its password is not stored anywhere; customers are free to change it as they wish. We simply reset it to "our little secret" password for the duration of the software update and otherwise only Customer knows what's the active password of the admin user.
0
 
LVL 38

Accepted Solution

by:
Geert Gruwez earned 668 total points
ID: 39858597
typically batch files on servers may contain passwords
it's also typical to only allow certain people on those servers

there is pro and con in every which way you store passwords
0
 
LVL 3

Author Comment

by:pma111
ID: 39858667
can you give a beginners guide to what batch files actually do to the database, what they are used for? And what file extension they have?
0
 
LVL 38

Expert Comment

by:Geert Gruwez
ID: 39858719
dos ... just plain old dos ... it still exists
http://en.wikipedia.org/wiki/MS-DOS

a batch file is just a way to start a program (and automate certain tasks)
> extension .bat or .cmd on windows

you can do anything with it
create the database, run reports, change items, destroy the database
0
 
LVL 77

Assisted Solution

by:slightwv (䄆 Netminder)
slightwv (䄆 Netminder) earned 664 total points
ID: 39858853
>>can you give a beginners guide to what batch files actually do to the database, what they are used for? And what file extension they have?

Sorry, nope.  As mentioned above:  They can do anything and everything.  That is sort of like asking for what typically can be done with a program written in C++.

Basically, Bat/Script files are just another form of programming language.

This is further complicated in Unix.  A shell script really doesn't need to have a file extension.

>> extension .bat or .cmd on windows

There is at least one other one in Windows, PS1 for PowerShell scripts.


Also mentioned above:  There is an infinite number of applications that can store config/account information in text file.  That is up to the developer of the program and can typically only be controlled if the developer works for you or you company has influence over the product.
0

Featured Post

Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Your data is at risk. Probably more today that at any other time in history. There are simply more people with more access to the Web with bad intentions.
In this blog post, we’ll look at how ClickHouse performs in a general analytical workload using the star schema benchmark test.
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
This video shows syntax for various backup options while discussing how the different basic backup types work.  It explains how to take full backups, incremental level 0 backups, incremental level 1 backups in both differential and cumulative mode a…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question