Archives of the TeradataForum
Message Posted: Fri, 03 Oct 2003 @ 16:52:15 GMT
We are taking over a warehouse implementation that is solely based on mload scripts. The problem is that the scripts are generated dynamically and put the Teradata username and password into the script in plain text. This undermines the whole point of encrypting the username and password on the server to begin with, IMO.
There are three scripts involved:
1. The Primary script that sets environment variables and controls the rest of the process
2. A generic script that generates an Mload script based on the variable settings in the primary script
3. The generated mload script from the generic script.
The main process is a "loader" script that calls a secondary script who's sole purpose is to generate an mload script based on environment variables that are set in the "loader" (log and table names are dynamic to some extent, etc). The very first line it writes out to the mload script if a full logon in the usual format of (.logon dev/name, pwd;)
Once the mload script is generated, the "loader" script executes the mload script it just generated via:
mload -b <$SCRIPT_DIR/loadit.mls > $LOGS_DIR/logit.log. 2>&1
I could re-write all the processes to put the mload into a ksh format, etc, but we're talking about several hundred scripts, so I'd like to change as little as possible here. Any suggestions on a low impact change that would allow us to keep the password secure? Please let me know if more information is required.
|Copyright 2016 - All Rights Reserved|
|Last Modified: 28 Jun 2020|