X-Recipient: archive-cygwin AT delorie DOT com X-SWARE-Spam-Status: No, hits=-1.2 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,SPF_HELO_PASS,TW_QL,T_RP_MATCHES_RCVD,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: sourceware.org Message-ID: <29725859.post@talk.nabble.com> Date: Thu, 16 Sep 2010 00:59:15 -0700 (PDT) From: delbydev To: cygwin AT cygwin DOT com Subject: Re: Security Warning: Re: Behaviours of Terminal Versus Script when using "<<" In-Reply-To: <4C9122C1.7040902@towo.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit References: <29720777 DOT post AT talk DOT nabble DOT com> <4C9122C1 DOT 7040902 AT towo DOT net> X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Hello Thomas Noted and already accounted for - was just avoiding confusing the actual issue The way I approach this is as follows Create a directory e.g. .myconns in my home directory with 700 chmod permission In my .profile (or equivalent) export SQLORACLE"=${ORACLE_HOME}\\bin\\sqlplus.exe -s /NOLOG " export CONNHOME=${HOME}/.myconns REPCONNFILE=${CONNHOME}/.connrep.sql; echo conn myuser/mypass AT mydbhost > ${REPCONNFILE} chmod 600 ${REPCONNFILE} export mydbconn="${SQLORACLE} @${REPCONNFILE}"; so in the .myconns directory is the connection string - the /NOLOG switch prevents sqlplus from actually trying to connect from the shell command level. the relevant connection is picked up in the REPCONNFILE so a ps will only ever show the value (path) of the REPCONNFILE so I can reuse new existing database darter #!/bin/bash echo My DB Time Fetcher > /tmp/myresults.txt date >> /tmp/myresults.txt ${mydbconn} << FINGather >> /tmp/myresults.txt alter session set nls_date_format = 'yyyy-mm-dd hh24:mi:ss'; select sysdate from dual; FINGather The issue is the cmd shell does not handle the inheritance of variables from the shell to a script without making explicit call within the script to bind the variables e.g #!/bin/bash . ~/.profile echo My DB Time Fetcher > /tmp/myresults.txt date >> /tmp/myresults.txt ${mydbconn} << FINGather >> /tmp/myresults.txt alter session set nls_date_format = 'yyyy-mm-dd hh24:mi:ss'; select sysdate from dual; FINGather The mintty terminal handles this fine as per Typical true bash environments on UNIX servers - the cmd shell seems to require another configuration to enable variables to be inherited in a script from the outer shell - this I don't presently know how Thanks for mentioning and hope the forum can use some of this for their own developments Thomas Wolff-3 wrote: > > Am 15.09.2010 19:18, schrieb delbydev: >> Hello >> Have hunted all over for this one but it seems no one else has reported >> the >> issue - maybe because they don't use the feature or there is something >> awry >> with my installation >> >> I write scripts that dart in and out of databases >> >> I bind my Oracle connection string into a number of variables in my >> .profile >> >> ORACLE_HOME='c:\\Oracle\\product\\11.2.0\\dbhome_2' export ORACLE_HOME >> mydbconn="${ORACLE_HOME}\\bin\\sqlplus -s mydbuser/mydbpass AT mydbhost" >> export >> mydbconn >> >> so when I want to dart into the database - I perform the following from >> the >> terminal command line >> ${mydbconn} >> ... > Not answering your question (others did), but be aware: > It is a very, very bad idea in general to place a password on the > command line because every user on your machine can see your password. > Do this on your home machine for testing only. > ------ > Thomas > > -- > Problem reports: http://cygwin.com/problems.html > FAQ: http://cygwin.com/faq/ > Documentation: http://cygwin.com/docs.html > Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple > > > -- View this message in context: http://old.nabble.com/Behaviours-of-Terminal-Versus-Script-when-using-%22%3C%3C%22-tp29720777p29725859.html Sent from the Cygwin list mailing list archive at Nabble.com. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple