Security Warning: Re: Behaviours of Terminal Versus Script when using "<<"

delbydev derrin@usa.net
Thu Sep 16 11:10:00 GMT 2010 

Hello Thomas

Noted and already accounted for - was just avoiding confusing the actual
issue

The way I approach this is as follows
Create a directory e.g. .myconns in my home directory with 700 chmod
permission
In my .profile (or equivalent)


export SQLORACLE"=${ORACLE_HOME}\\bin\\sqlplus.exe -s /NOLOG "
export CONNHOME=${HOME}/.myconns
REPCONNFILE=${CONNHOME}/.connrep.sql;
echo conn myuser/mypass@mydbhost > ${REPCONNFILE}
chmod 600 ${REPCONNFILE}
export mydbconn="${SQLORACLE} @${REPCONNFILE}";

so in the .myconns directory is the connection string - the /NOLOG switch
prevents sqlplus from actually trying to connect from the shell command
level. the relevant connection is picked up in the REPCONNFILE

so a ps will only ever show the value (path) of the REPCONNFILE
so I can reuse new existing database darter

#!/bin/bash 
echo My DB Time Fetcher > /tmp/myresults.txt 
date >> /tmp/myresults.txt
${mydbconn} << FINGather >> /tmp/myresults.txt
alter session set nls_date_format = 'yyyy-mm-dd hh24:mi:ss';
select sysdate from dual;
FINGather

The issue is the cmd shell does not handle the inheritance of variables from
the shell to a script without making explicit call within the script to bind
the variables

e.g 

#!/bin/bash 
. ~/.profile
echo My DB Time Fetcher > /tmp/myresults.txt 
date >> /tmp/myresults.txt
${mydbconn} << FINGather >> /tmp/myresults.txt
alter session set nls_date_format = 'yyyy-mm-dd hh24:mi:ss';
select sysdate from dual;
FINGather

The mintty terminal handles this fine as per Typical true bash environments
on UNIX servers
- the cmd shell seems to require another configuration to enable variables
to be inherited in a script from the outer shell - this I don't presently
know how

Thanks for mentioning and hope the forum can use some of this for their own
developments



Thomas Wolff-3 wrote:
> 
>   Am 15.09.2010 19:18, schrieb delbydev:
>> Hello
>> Have hunted all over for this one but it seems no one else has reported
>> the
>> issue - maybe because they don't use the feature or there is something
>> awry
>> with my installation
>>
>> I write scripts that dart in and out of databases
>>
>> I bind my Oracle connection string into a number of variables in my
>> .profile
>>
>> ORACLE_HOME='c:\\Oracle\\product\\11.2.0\\dbhome_2' export ORACLE_HOME
>> mydbconn="${ORACLE_HOME}\\bin\\sqlplus -s mydbuser/mydbpass@mydbhost"
>> export
>> mydbconn
>>
>> so when I want to dart into the database - I perform the following from
>> the
>> terminal command line
>> ${mydbconn}
>> ...
> Not answering your question (others did), but be aware:
> It is a very, very bad idea in general to place a password on the 
> command line because every user on your machine can see your password. 
> Do this on your home machine for testing only.
> ------
> Thomas
> 
> --
> Problem reports:       http://cygwin.com/problems.html
> FAQ:                   http://cygwin.com/faq/
> Documentation:         http://cygwin.com/docs.html
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> 
> 
> 

-- 
View this message in context: http://old.nabble.com/Behaviours-of-Terminal-Versus-Script-when-using-%22%3C%3C%22-tp29720777p29725859.html
Sent from the Cygwin list mailing list archive at Nabble.com.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

More information about the Cygwin mailing list