Connecting to database,expdp without supplying username/password

  Configuring client to use external password Store



Saving password in a plain text file is a security risk and SOC will not accept using clear text password in scripts. This can be solved by using external password stores. Utilities like sqlplus,expdp,etc can pass db connection string to connect to database.

There are four steps to achieve this

  1. Create a TNS entry

  2.  Add necessary entries in sqlnet.ora

  3. Create wallet

  4. Add/Create credential



  1. Create a tns entry (this is going to be used while connecting to the database )


tnsnames.ora


exp_bkp=

(DESCRIPTION =

    (ADDRESS = (PROTOCOL = TCP)(HOST = hol)(PORT = 1521))

    (CONNECT_DATA =

      (SERVER = DEDICATED)

      (SERVICE_NAME = PDB_TST)

    )

  )







2 Modify sqlnet.ora



WALLET_LOCATION =

 (SOURCE = (METHOD = FILE)

 (METHOD_DATA =

 (DIRECTORY = /home/oracle/19_hm_2/wallet)))


SQLNET.WALLET_OVERRIDE = TRUE


SSL_CLIENT_AUTHENTICATION = FALSE





3 Create wallet


Create a directory for wallet


mkdir /home/oracle/19_hm_2/wallet 


mkstore -wrl  /home/oracle/19_hm_2/wallet -create



Keep the wallet password safe(it's required to manage wallet)


Use -listCredential to list existing credentials in the wallet

mkstore -wrl /home/oracle/19_hm_2/wallet -listCredential


4. Add credential with the same name as previously created tns alias


mkstore -wrl /home/oracle/19_hm_2/wallet -createCredential exp_bkp system <password>




Now @exp_bkp can be used in connection(this will connect as system user)


This way db_connect_string(ie: exp_bkp) can be used for any user 


Connect to the database


sqlplus /@exp_bkp




Now expdp can be run using connection aliases. This will eliminate need to save password in the script or parameter file


expdp /@exp_bkp schema=HR



Configuring a Client to Use the External Password Store

 

Comments

Post a Comment

Popular posts from this blog

APP-FND-01436: List of Values cannot find any values for you to choose error from concurrent request program parameter (R12 12.1.3)

Image
APP-FND-01436: List of Values cannot find any values for you to choose error from concurrent request program parameter After upgrading oracle application 11i(11.5.10.2) to R12(12.1.3) running concurrent program request caused this issue When concurrent program is run for a concurrent request after upgrading to R12 12.1.3 the lov, which is attached to a parameter, gives APP-FND-01436: “List of Values cannot find any values for you to choose”. When the same request is run from oracle applications 11i 11.5.10.2 the same value set is working fine. The value set is based on a table. If you go and test the value set query from the value set definition screen it returns complete successful message yet if you go to the parameter of the concurrent request program form where the particular value set is used it gives you the above error. After searching google and oracle support I found metalink note 1400963.1, EBS R12.1: Parameter for Concurrent Request Using Table Based LOV G...
Read more

WEB ADI - issues encountered during initial access

Image
On accessing create document link under Desktop Integrator responsibility browser was showing following error Set BNE UIX Physical Directory profile value to proper directory at site level Location = $COMMON_TOP/html/cabo/  (11i) Location = $COMMON_TOP/webapps/oacore/html/cabo/  (R12) As this was a cloned instance the value of this profile setting was pointing to a wrong location. set as BNE UIX Physical Directory /u03/oracle/prodcomn/html/cabo/ Access to functions are controlled by function security so to access and work with web adi the user should have proper access. You should have access to particular integrator to access and work with it Find out responsibility which is created to work with web adi check the main menu for this responsibility. Modify the responsibility or Menu if default is not fitting to your needs. For instance Desktop Integration Menu has create document, Define Lay out, Define Mapping, Manage Documents, Setup options Note : you...
Read more

Error processing request - Contact your application administrator apex 20.1

Image
After upgrading 11.2.0.4 to 19c with apex 20.1 accessing apex_admin/apex pages was throwing “Error processing request” Contact your application administrator. There were three invalid objects for APEX_200100 WWV_FLOW_SESSION_RAS WWV_FLOW_WIZARD_API WWV_FLOW_DATA_LOADER Tried compiling these objects but compile was completing with PL/SQL: ORA-00942: table or view does not exist To resolve the issue following rant needs to be given then compile (ran both grant and compile as sysdba) grant select on SYS.DBA_XS_DYNAMIC_ROLES to APEX_200100; grant select on SYS.DBA_TAB_IDENTITY_COLS to APEX_200100; alter package APEX_200100.WWV_FLOW_SESSION_RAS compile body; alter package APEX_200100.WWV_FLOW_WIZARD_API compile body; alter package APEX_200100.WWV_FLOW_DATA_LOADER compile body; Returned 0 invalid object for APEX_200100  select * from dba_objects where status = 'INVALID' and owner = 'APEX_200100' ; Now both admin and apex pages ar...
Read more