We are connecting to Oracle using Korn shell scripts, which use sqlplus to connect to Oracle. The Oracle database is on the same Solaris box. Currently, we are storing the Oracle user ID and password (plain text) in a file in the .ssh folder of the connecting user, with 400 permission bits.
The DBAs are objecting to this way of working, citing the fact that we are using a plain-text password for authentication. When we offered to encode the password using base64, they still didn't like the idea, citing that we'd still decrypt the password in the shell script and transmit the password over the network.
Now, I want to understand this:
I have been reading that Oracle encrypts/hashes the password string before transmitting it. I can't find the reference right now, though. However, I still want to confirm my understanding. Is it really like this? We are on 11g R2; would that make a difference?
Would I be able to log in to sqlplus without decrypting the password hash? E.g., the DBAs set a password and pass on the hash to me. I put that in a file and supply it to sqlplus as a parameter. Is there some way by which this kind of authentication works? I know some tools do allow that: if you encode using their tool, they are able to decrypt the value and use it for authentication. Does Oracle?
Help me, fellas.