Hiding Passwords When Connecting to Databases

If you create an RMAN command file which uses a CONNECT command with database level credentials (user name and password), then anyone with read access to this file can learn the password. There is no secure way to incorporate a CONNECT string with a password into a command file.

It is also possible, using the ps command under Unix or some similar command under other operating systems, to view command lines and arguments entered into the shell or other host operating system command line interpreter. Therefore, it is risky to invoke RMAN with a command line like this example:

% rman TARGET sys/oracle@target

To connect to RMAN from the operating system command line and hide authentication information, you can start RMAN without connecting to databases, and then enter CONNECT commands at the RMAN prompt. You can also start RMAN without a password in the connect string, as in this example:

% rman TARGET sys@target

RMAN will prompt for a password in such a case.

If you create an RMAN command file which uses a CONNECT command that includes authentication information, RMAN does not echo the connect string when you run the command file with the "@" command. This prevents connect strings from appearing in any log files that contain RMAN output.

For example, create a command file listbkup.rman which reads:

CONNECT target sys/oracle@target
LIST BACKUP;

Then execute this script by running RMAN with the @ command line option:

% rman @listbkup.rman

When the command file executes, RMAN replaces the connection string with an asterisk, as shown in the following output:

Recovery Manager: Release 10.2.0.1.0 - Production

Copyright (c) 1995, 2005, Oracle.  All rights reserved.

RMAN> connect target *
2> list backup;
3>
connected to target database: RDBMS (DBID=771530996)

using target database control file instead of recovery catalog

List of Backup Sets
===================
...rest of output omitted