I've just spent the better part of a week securing my "external" database scripts that reside on our production server. Well...actually just securing scripts for one of the databases which I administer. I inherited this particular database from a previous DBA and it has been in place for quite some time now. There were many legacy standards in place when I took over the administration of the database. Unfortunately, clear-text passwords within external database scripts were an issue.
I've got several scheduled jobs which run these external scripts each night for synchronizing data and so forth. Now that I am tasked with "hardening up" the security on the database, I've got to address such issues as clear-text passwords. Therefore, I began by doing some research to see how others were taking care of the issue. I really did not find many clues besides the old "connect up without a password as SYSDBA". That is definitely one way to get around storing a clear text...but then again, I do not want to run these scripts as a DBA.
The solution I came up with is a java program which I wrote that reads in an external property file with connection details in an encrypted format, and then that decrypts the details and connects to the database. I've got an OS batch job which invokes the java program, and that program then makes a database connection and runs the specified script.
VIOLA...I solved my problem of storing clear text passwords since I can now store them in an encrypted format. But, am I any more secure than I was before I wrote the java utility? I think not...if someone hacks into the server, then what is to stop them from modifying my external script to do something undesirable? I guess we just create a "dumb" user who has privileges to run such tasks on an as-needed basis. That way if someone modifies the script, then hopefully my "dumb" user account will not have privileges to harm the database.
OK...but now while we are on the subject of hackers gaining access to the database server, what is to stop them from cracking the security and obtaining access to such files as the alert log, or even worse...my backups!
We can keep on going....so it begs the question...is my database safe?