From: Jeremy on 16 Jan 2010 15:30

In article <4b5212b2$0$2864$ba620e4c(a)news.skynet.be>, ghp(a)skynet.be says...
>
> Jeremy wrote:
> > Hi, real simple question and one I suspect the answer to which is "no".
> >
> > Can you create sqlplus scripts with "conditions" such that if for
> > example a SQL statement returns a particular value or error condition
> > then path A or path B is followed?
> >
>
> I start sqlplus from a ksh script as a job, send queries to it and read
> the answers. ksh, which is also a full programming language, takes the
> decisions about how to continue.

Would this be through multiple invocations of sqlplus?

--
jeremy

From: Mladen Gogala on 16 Jan 2010 15:32

On Sat, 16 Jan 2010 20:28:55 +0100, Gerard H. Pille wrote:

> I start sqlplus from a ksh script as a job, send queries to it and read
> the answers. ksh, which is also a full programming language, takes the
> decisions about how to continue.

That is, of course, a dangerous baloney wasting system resources. Neither
Korn shell nor Bash are the full-fledged programming languages and adding
sqlplus in the mix guarantees security breaches. When I encounter a site
like that, the first thing I do is the following:

egrep -i "sqlplus|connect" *.sh

The result usually contains username and password combinations for the
most important schemas, the ones with the real company data. Sometimes,
the developers have a cunning plan and do something like this:

export CONNECTSTRING="scott/tiger@local"

and further down the script one can find

sqlplus $CONNECTSTRING << EOF

Well, guess what? I can get the content of that because I can open and
inspect the script. Even simpler, "ps -el|grep sqlplus>/tmp/owt.lis" will
reveal all the passwords. Just let me access the database server for 10
minutes and I'll collect your most important passwords. In addition to
that, activating programs is a rather expensive operation. Shell does
that at every turn: sqlplus, sed, ls, grep and awk are separate programs
which have to be found by shell, access rights checked, all the dynamic
libraries checked and loaded, which takes time and resources.

The real solution for scripting is using a real scripting language, like
Perl, PHP or Python. Concoctions with shell and sqlplus are cumbersome,
hard to read and insecure.

--
http://mgogala.freehostia.com

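The two exposures described in the post above (a literal connect string stored in a script, and a logon passed on the sqlplus command line where ps can see it) can be audited for without printing any secret. This is an added example, not part of the thread; the pattern names, the sample files and the wallet alias `reports_alias` are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit *.sh files for sqlplus credentials kept in the script or passed on argv.
# Findings are "file:line:KIND"; the matched text is never printed, so the report holds no secrets.

# user/password@db written out literally (a password part containing "$" is a variable, skipped here)
LITERAL='[A-Za-z0-9_]+/[^[:space:]/@"$]+@[A-Za-z0-9_.]+'
# any sqlplus invocation
SQLPLUS='(^|[^A-Za-z0-9_])sqlplus[[:space:]]'
# a logon argument starting with "/" (/nolog, "/ as sysdba", /@alias) puts no password on argv
SAFE='sqlplus([[:space:]]+-[A-Za-z]+)*[[:space:]]+"?/'

report() {  # report FILE KIND: turn "N:text" lines from grep -n into "FILE:N:KIND"
  cut -d: -f1 | while read -r n; do echo "$1:$n:$2"; done
}

audit_sqlplus() {  # audit_sqlplus DIR
  for f in "$1"/*.sh; do
    [ -f "$f" ] || continue
    grep -nE "$LITERAL" "$f" | report "$f" LITERAL_CONNECT_STRING || true
    grep -nE "$SQLPLUS" "$f" | grep -vE '^[0-9]+:[[:space:]]*#' \
      | grep -viE "$SAFE" | report "$f" LOGON_ON_ARGV || true
  done
}

write_samples() {  # constructed sample scripts, not taken from any real system
  cat > "$1/bad.sh" <<'SAMPLE'
export CONNECTSTRING="scott/tiger@local"
sqlplus $CONNECTSTRING << EOF
select 1 from dual;
EOF
SAMPLE
  cat > "$1/good.sh" <<'SAMPLE'
# reports_alias is a hypothetical external password store (wallet) alias
sqlplus -s /nolog << EOF
connect /@reports_alias
select 1 from dual;
EOF
SAMPLE
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_sqlplus "$demo_dir"
rm -rf "$demo_dir"
```

The `good.sh` form starts sqlplus with `/nolog` and connects inside the here-document, so neither the script nor the process list carries a password.
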
From: Jeremy on 16 Jan 2010 15:37

In article <hit7pa$phc$5(a)solani.org>, gogala.mladen(a)gmail.com says...
>
> On Sat, 16 Jan 2010 20:28:55 +0100, Gerard H. Pille wrote:
>
> > I start sqlplus from a ksh script as a job, send queries to it and read
> > the answers. ksh, which is also a full programming language, takes the
> > decisions about how to continue.
>
> That is, of course, a dangerous baloney wasting system resources. Neither
> Korn shell nor Bash are the full-fledged programming languages and adding
> sqlplus in the mix guarantees security breaches. When I encounter a site
> like that, the first thing I do is the following:
>
> egrep -i "sqlplus|connect" *.sh
>
> The result usually contains username and password combinations for the
> most important schemas, the ones with the real company data. Sometimes,
> the developers have a cunning plan and do something like this:
>
> export CONNECTSTRING="scott/tiger@local"
>
> and further down the script one can find
>
> sqlplus $CONNECTSTRING << EOF
>
> Well, guess what? I can get the content of that because I can open and
> inspect the script. Even simpler, "ps -el|grep sqlplus>/tmp/owt.lis" will
> reveal all the passwords. Just let me access the database server for 10
> minutes and I'll collect your most important passwords. In addition to
> that, activating programs is a rather expensive operation. Shell does
> that at every turn: sqlplus, sed, ls, grep and awk are separate programs
> which have to be found by shell, access rights checked, all the dynamic
> libraries checked and loaded, which takes time and resources.
>
> The real solution for scripting is using a real scripting language, like
> Perl, PHP or Python. Concoctions with shell and sqlplus are cumbersome,
> hard to read and insecure.

All of the above may well be true, however if you are just trying to
automate a simple task which involves running a specific set (depending on
some conditions in the database for example) of .sql files on demand by
the DBA then this may well be the simplest way of achieving the objective.

--
jeremy

From: Gerard H. Pille on 16 Jan 2010 16:39

Mladen Gogala wrote:
> On Sat, 16 Jan 2010 20:28:55 +0100, Gerard H. Pille wrote:
>
>
>> I start sqlplus from a ksh script as a job, send queries to it and read
>> the answers. ksh, which is also a full programming language, takes the
>> decisions about how to continue.
>
> That is, of course, a dangerous baloney wasting system resources. Neither
> Korn shell nor Bash are the full-fledged programming languages and adding
> sqlplus in the mix guarantees security breaches. When I encounter a site
> like that, the first thing I do is the following:
>

Please, Mladen Gogala, why don't you shut up about things you know nothing about?

From: Mladen Gogala on 16 Jan 2010 16:49

On Sat, 16 Jan 2010 22:39:24 +0100, Gerard H. Pille wrote:

> Please, Mladen Gogala, why don't you shut up about things you know
> nothing about?

Because I've written many scripts using ksh, bash and DCL as well as Perl
and PHP and because I actually know a bit about Oracle.

--
http://mgogala.freehostia.com