Hiding the password

Supplying usernames and passwords on the command line is convenient. Unfortunately, this practice poses a serious security risk. With Unix, your command line may be visible to other users on the system via the ps command. For example: 

$ ps -ef | grep rman
oracle 27681 21612  3 16:54:02 pts/5 0:03 rman target /
    sys/mooft

You can see in this example that the output from the ps command shows the entire rman command, including the username and password. That’s not good! Fortunately, there is a way around having your password show up in the process status output. Don’t specify connection information while at the O/S prompt, but connect after an RMAN session as been initiated. For example: 

$ rman nocatalog
Recovery Manager: Release 9.0.1.0.0 - Production

RMAN> connect target / sys/mooft@brdstn

connected to target database: BRDSTN (DBID=664610428)
using target database controlfile instead of recovery catalog

Connecting to the database after RMAN has been invoked prevents any password information from showing up in a process list.

Get Oracle RMAN Pocket Reference now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial