Hi, hope this new ORDS release with non-sysdba installation helps?
and silent installation with parameter file:
That is really great, Paavo. It's always a rigormarole around here to adopt a new version but, if that's what we have to do, we will.
However, does the password in the input properties file for the silent installation still require a plain text password? I mean that is really the issue. Even if we don't use the actual SYS user, the installation still requires a user with a dangerous amount of privileges. Having this in plain text effectively kills this whole effort. For security reasons, we simply cannot have unencrypted passwords lying around. Like, period. Like, ever.
It seems like this is an issue for anyone trying to roll this out in a true enterprise method to enterprise volumes. This is fine so long as the rollout targets are few enough that a dedicated DBA can do each of them by hand but, this is just untenable past a certain number.
Back in the old DADS days, even then, they gave us a way to encrypt the stored passwords.
btw. I also wait what it means that the ords passwords will be in the future in the wallets, what ThatJeff mentioned in the comments in the above link.
This doesn't really help, Paavo. The article you reference is about the password that ORDS uses once it's running to connect to the database via the connection pool. We're aware that this password gets encrypted. The sticking point here is the installation password.
I have been bitten with the same fact and shared those bits and pieces which were on my learning curve, and as said those might help you (and didnt).
I am also looking to upgrade ORDS which doesn't require sysdba.
What enterprise packaging you are referring to?
We use a set of products from Jenkins called COINS (the build side) and MINDS (the deploy side).
The salient thing here is that MINDS will work as OS user X to deploy packages built up by COINS. If, within any one of those packages, there exists a plain text password, the entire automated deploy will be verboten. So, unattended with a properties file that contains the plain text password will never be allowed.
Have you (or anyone else reading this thread) ever tried to use the Bequeath method?
From the ORDS 18 docs:
...You can use the bequeath connection to install, upgrade, validate, or uninstall Oracle REST Data Services. The installer will not prompt you for the SYS username and password for the operation...
I think we’d just need to make the minds user a member of the dba group for this to work.