PublicMailbox
2012-08-16 15:48:14 UTC
(I'm posting this a second time because I forgot to include the change to the "usage" info in the previous posting. Apologies for the noise)
The patch below would permit the datacopy utility to use a dash for the password in the source or destination server parameter to mean "read from standard in". For example:
datacopy -Smyserver/myusername/-/mydatabase/mytable ...
Upon finding a dash for the password, datacopy would prompt for the password and read it in.
Using a dash for a parameter to specify "read from stdin" is a typical style for many Unix/Linux utilities.
This feature is needed to prevent the security violation of putting a password on the command line (which makes it visible to ps -f in Unix/Linux). For batch (non-interactive)
jobs in an enterprise environment, this is a mandatory requirement. Using kerberos might be better, but that's a much harder change.
Ben Slade
DBA @ NCBI.NLM.NIH.gov
diff -u datacopy.c.orig datacopy.c
--- datacopy.c.orig 2011-05-16 04:51:40.000000000 -0400
+++ datacopy.c 2012-08-16 11:43:08.545352000 -0400
@@ -246,6 +246,10 @@
if (!tok)
return FALSE;
pdata->spass = strdup(tok);
+ if( strcmp(pdata->spass,"-") == 0 ) {
+ printf("Enter Source Password : ");
+ pdata->spass = gets_alloc();
+ }
tok = strtok(NULL, "/");
if (!tok)
@@ -277,6 +281,10 @@
if (!tok)
return FALSE;
pdata->dpass = strdup(tok);
+ if( strcmp(pdata->dpass,"-") == 0 ) {
+ printf("Enter Destination Password : ");
+ pdata->dpass = gets_alloc();
+ }
tok = strtok(NULL, "/");
if (!tok)
@@ -1119,6 +1127,7 @@
fprintf(stderr, "usage: datacopy [-t | -a | -c owner] [-b batchsize] [-p packetsize] [-v] [-d]\n");
fprintf(stderr, " [-S server/username/password/database/table]\n");
fprintf(stderr, " [-D server/username/password/database/table]\n");
+ fprintf(stderr, " (a dash for the password means prompt for the password and read from stdin)\n" );
fprintf(stderr, " -t : truncate target table before loading data\n");
fprintf(stderr, " -a : append data to target table\n");
fprintf(stderr, " -c : create table owner.table before loading data\n");
The patch below would permit the datacopy utility to use a dash for the password in the source or destination server parameter to mean "read from standard in". For example:
datacopy -Smyserver/myusername/-/mydatabase/mytable ...
Upon finding a dash for the password, datacopy would prompt for the password and read it in.
Using a dash for a parameter to specify "read from stdin" is a typical style for many Unix/Linux utilities.
This feature is needed to prevent the security violation of putting a password on the command line (which makes it visible to ps -f in Unix/Linux). For batch (non-interactive)
jobs in an enterprise environment, this is a mandatory requirement. Using kerberos might be better, but that's a much harder change.
Ben Slade
DBA @ NCBI.NLM.NIH.gov
diff -u datacopy.c.orig datacopy.c
--- datacopy.c.orig 2011-05-16 04:51:40.000000000 -0400
+++ datacopy.c 2012-08-16 11:43:08.545352000 -0400
@@ -246,6 +246,10 @@
if (!tok)
return FALSE;
pdata->spass = strdup(tok);
+ if( strcmp(pdata->spass,"-") == 0 ) {
+ printf("Enter Source Password : ");
+ pdata->spass = gets_alloc();
+ }
tok = strtok(NULL, "/");
if (!tok)
@@ -277,6 +281,10 @@
if (!tok)
return FALSE;
pdata->dpass = strdup(tok);
+ if( strcmp(pdata->dpass,"-") == 0 ) {
+ printf("Enter Destination Password : ");
+ pdata->dpass = gets_alloc();
+ }
tok = strtok(NULL, "/");
if (!tok)
@@ -1119,6 +1127,7 @@
fprintf(stderr, "usage: datacopy [-t | -a | -c owner] [-b batchsize] [-p packetsize] [-v] [-d]\n");
fprintf(stderr, " [-S server/username/password/database/table]\n");
fprintf(stderr, " [-D server/username/password/database/table]\n");
+ fprintf(stderr, " (a dash for the password means prompt for the password and read from stdin)\n" );
fprintf(stderr, " -t : truncate target table before loading data\n");
fprintf(stderr, " -a : append data to target table\n");
fprintf(stderr, " -c : create table owner.table before loading data\n");