How can I start an SQL*Plus batch without showing the id/password on the command line ?

The Oracle (tm) Users' Co-Operative FAQ

How can I start an SQL*Plus batch without showing the id/password on the command line ?

This is predominantly a unix-based issue, since anyone with a login account on the server where oracle is running can typically run a 'ps' command and see the user name and password of any sqlplus sessions that are active

Some options you can use to avoid this are:

• Use OS accounts

  Presuming you are logging in to the unix box as "oracle", you can create an account "OPS$ORACLE" as being "IDENTIFIED EXTERNALLY". Once this is done, then connections can be done as:

  sqlplus / @script_to_run
  

• Use "internal" or a dummy account, then change

  In this situation you connect initialy as internal (this does not expose any passwords since only people with the appropiate unix privileges will be able to do this), and then optionally within the SQL script that you wish to run, for example:

  sqlplus internal @script_to_run
  where "script_to_run" contains "connect myuser/mypass" as the first line
  

  The dummy account option is to create a well-known account such as "dummy/dummy" that only has create session privileges. It could be argued that this is still a security risk since so many objects are typically granted select/execute/etc to public nowadays.

• (8i) Use /NOLOG

  Same as above, but from 8i, you can start SQL Plus without establishing a connection

  sqlplus /NOLOG @script_to_run
  

• Use standard input

  In the absence of any other instructions, SQL Plus will take the username and/or password from standard input, for example

  !/bin/ksh
  print mypassword | sqlplus username @script_to_run
  

A C program (hide.c) used to be published on Metalink which would allow you to hide passwords from the process listing. Whilst its probably still there somewhere, its easier to use one of the options presented above.

Further reading: N/A