4 Replies Latest reply: Jan 23, 2014 4:29 PM by rmoff RSS

    ttIsql - surpress plaintext password in connect echo

    rmoff

      Hi,

       

      Is it possible to stop ttIsql echoing the password in a connection string?

       

      Example per line 7 below

       

      [oracle@rnm-ol6-2 ~]$ ttisql -connstr "dsn=tt_aggr_store;uid=exalytics;pwd=Password01"
      
      
      Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
      Type ? or "help" for help, type "exit" to quit ttIsql.
      
      connect "dsn=tt_aggr_store;uid=exalytics;pwd=Password01";
      Connection successful: DSN=TT_AGGR_STORE;UID=exalytics;DataStore=/u01/data/tt/aggregate_store;DatabaseCharacterSet=AL32UTF8;ConnectionCharacterSet=AL32UTF8;LogFileSize=1024;DRIVER=/u01/app/oracle/product/fmw/TimesTen/DEV/lib/libtten.so;MemoryLock=4;LogDir=/u01/data/tt/aggregate_store/logs;PermSize=256;TempSize=256;CkptRate=0;CkptLogVolume=0;PrivateCommands=1;RecoveryThreads=40;TypeMode=0;LogBufMB=1024;LogBufParallelism=16;
      (Default setting AutoCommit=1)
      Command>
      
      

      If I don't supply pwd in the connstr, I am prompted for it interactively, and it is not echoed (c.f. line 7 again)

       

      [oracle@rnm-ol6-2 ~]$ ttisql -connstr "dsn=tt_aggr_store;uid=exalytics"
      
      
      Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
      Type ? or "help" for help, type "exit" to quit ttIsql.
      
      connect "dsn=tt_aggr_store;uid=exalytics";
      Enter password for 'exalytics':
      Connection successful: DSN=TT_AGGR_STORE;UID=exalytics;DataStore=/u01/data/tt/aggregate_store;DatabaseCharacterSet=AL32UTF8;ConnectionCharacterSet=AL32UTF8;LogFileSize=1024;DRIVER=/u01/app/oracle/product/fmw/TimesTen/DEV/lib/libtten.so;MemoryLock=4;LogDir=/u01/data/tt/aggregate_store/logs;PermSize=256;TempSize=256;CkptRate=0;CkptLogVolume=0;PrivateCommands=1;RecoveryThreads=40;TypeMode=0;LogBufMB=1024;LogBufParallelism=16;
      (Default setting AutoCommit=1)
      Command>
      
      

      However, I need to call this from a shell script.

      I have tried using stdin redirect or pipe, both fail:

       

      [oracle@rnm-ol6-2 ~]$ cat pw.txt
      Password01
      [oracle@rnm-ol6-2 ~]$ cat pw.txt|ttisql -connstr "dsn=tt_aggr_store;uid=exalytics;"
      
      
      Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
      Type ? or "help" for help, type "exit" to quit ttIsql.
      
      connect "dsn=tt_aggr_store;uid=exalytics;";
      7001: User authentication failed
      The command failed.
      Done.
      [oracle@rnm-ol6-2 ~]$
      [oracle@rnm-ol6-2 ~]$
      [oracle@rnm-ol6-2 ~]$ ttisql -connstr "dsn=tt_aggr_store;uid=exalytics" < pw.txt
      
      
      Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
      Type ? or "help" for help, type "exit" to quit ttIsql.
      
      connect "dsn=tt_aggr_store;uid=exalytics";
      7001: User authentication failed
      The command failed.
      Done.
      [oracle@rnm-ol6-2 ~]$
      
      

       

      I've also tried using the TTISQL environment variable, but it is still echoed in the connect statement:

       

      [oracle@rnm-ol6-2 ~]$ export TTISQL='-connstr "dsn=tt_aggr_store;uid=exalytics;pwd=Password01"'
      [oracle@rnm-ol6-2 ~]$
      [oracle@rnm-ol6-2 ~]$ ttisql
      
      Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
      Type ? or "help" for help, type "exit" to quit ttIsql.
      
      connect "dsn=tt_aggr_store;uid=exalytics;pwd=Password01";
      
      Connection successful: DSN=TT_AGGR_STORE;UID=exalytics;DataStore=/u01/data/tt/aggregate_store;DatabaseCharacterSet=AL32UTF8;ConnectionCharacterSet=AL32UTF8;LogFileSize=1024;DRIVER=/u01/app/oracle/product/fmw/TimesTen/DEV/lib/libtten.so;MemoryLock=4;LogDir=/u01/data/tt/aggregate_store/logs;PermSize=256;TempSize=256;CkptRate=0;CkptLogVolume=0;PrivateCommands=1;RecoveryThreads=40;TypeMode=0;LogBufMB=1024;LogBufParallelism=16;
      (Default setting AutoCommit=1)
      Command>
      
      

       

      The only option I've found is to add the PWD to the DSN itself in sys.odbc.ini, which feels like a bit of a kludge (akin to hardcoding), and also screws things up for logging in with OS credentials. It works creating a CS DSN for the same, but still, kludgy.

       

      Any suggestions? The use case is a batch process loading data into TT, the verbose output of which is logged by Ctrl-M including the shell script echo, hence logging the password in plain-text, which is bad, m'kay....

       

      Thanks.

        • 1. Re: ttIsql - surpress plaintext password in connect echo
          Chrisjenkins-Oracle

          Thanks for bringing this to our attention. This is of course a bug and I will open a bug report for it immediately. I'm afraid there is no way to suppress this currently, sorry. When we fix the bug then the password will not be displayed.

           

          Chris

          • 2. Re: ttIsql - surpress plaintext password in connect echo
            rmoff

            Thanks Chris. Out of interest, why doesn't the pipe/redirect idea work?

            • 3. Re: ttIsql - surpress plaintext password in connect echo
              user730734

              What you are seeing is ttIsql echo'ing the connect command that was implicitly run because the "-connstr" argument was use.

              There are several workarounds I can think of.

              They mostly involve the verbosity setting.

               

              $ ttIsql -v 0 -connstr "dsn=mydsn;uid=scott;pwd=tiger"

              Command>

               

              The above (using -v 0) makes ttIsql not print out commands or output.

              So, to restore the rest of the script back to the default verbosity, make the first command in the script

              be:

              set verbosity 2

               

               

              Alternatively, you can startup ttIsql without specifying a DSN or connstr

              So if you are sending commands to ttIsql via a pipe you can send the connect command via the pipe as well.

              I use "echo"

               

              $ echo 'verbosity 0; connect "dsn=mydsn;uid=scott;pwd=tiger"; verbosity 2; select * from dual;quit" | ttIsql

               

              Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.

              Type ? or "help" for help, type "exit" to quit ttIsql.

               

               

              verbosity 0;

               

              select * from dual;

              < X >

              1 row found.

               

              quit;

              Disconnecting...

              Done.

              ----

              Or if writing in a bourne shell script (to keep the password out of the 'echo' command line as well):

              ttIsql  <<EOF

              verbosity 0; connect "dsn=mydsn;uid=scott;pwd=tiger"; verbosity 2;

              select * from dual;quit;

              EOF

               

              -Bill

              • 4. Re: ttIsql - surpress plaintext password in connect echo
                rmoff

                Spot on - thanks Bill!