How to hide sqlexp password in Unix process output?


Information

 
Article Number: 000064248
Environment
Product: OpenEdge
Version: 11.x
OS: AIX 64-bit
Question/Problem Description
How to hide a user's password when running sqlexp from the command line on a Unix machine, so it does not appear in a ps listing?
How to hide a user's password when running SQL Explorer?

For example:

This is what the sqlexp login looks like in the Unix 'ps' output:

USER      PID     PPID     TT     ELAPSED        TIME COMMAND
    root 26476640 18612938 pts/24       05:41    00:00:01 /dlc/pro113/jdk/jre/bin/java -classpath /dlc/pro113/jre/lib/i18n.jar:/dlc/pro113/jdk/lib/tools.jar:/dlc/pro113/java/progress.jar:/dlc/pro113/java/messages.jar:/dlc/pro113/java/rmi.zip:/dlc/pro113/java/prowin.jar:/dlc/pro113/java/openedge.jar -ms8m -mx25m -Djava.security.policy=/dlc/pro113/java/java.policy -DInstall.Dir=/dlc/pro113_3_05 -cp /dlc/pro113_3_05/java/progress.jar:/dlc/pro113_3_05/java/base.jar:/dlc/pro113_3_05/java/openedge.jar:/dlc/pro113_3_05/java/util.jar: com.progress.sql.explorer.SQLExplorer -db dbname -H hostname -S portnumber -sqlverbose -user a123456 -password XXXXXX

Notice the -password at the end.

This is how an ABL connection looks:

a123456 35389832        1 pts/17    21:26:26    00:00:24 /dlc/pro113/bin/_prohlc -U a123456 -P        -p procedurename.p -b

Notice how the -P is blanked-out.

It would be nice if the sqlexp sessions could hide the password as well.
Steps to Reproduce
Clarifying Information
Error Message
Defect/Enhancement Number: Enhancement
Cause
This is expected behavior. SQL Explorer is not designed to hide passwords. 
Resolution
It was determined that the Progress Product is functioning as designed.

An enhancement request has been submitted as an Idea on the Progress Community.  To promote the Idea, click on this link: https://community.progress.com/tags/sql+sqlexp+password+security .  Customer feedback is valuable and Idea submissions are monitored by our Product Management team.  Enhancement requests are reviewed during the planning phase of each new product release and a list of the enhancements chosen for implementation can be found in the Release Notes documents that accompany each release.  Once an Idea is submitted the Progress Software Community will have the opportunity to comment on and vote for the Idea.
 
For detailed information on how to submit an Idea, please refer to Knowledge Base article 000010839, How to submit an idea for a Progress product enhancement (embedded video).

This enhancement has not been implemented in the product. As an alternative, use the workaround below.
Workaround
For OpenEdge 11.7.3 and higher: 
 
  • Prompt for password — The -password option of SQL Explorer used to be mandatory when it was used along with the -user option. It is now optional. The SQL Explorer utility prompts for the password when it is not provided on the command line. While it is being typed, the password is neither visible in the console nor viewable by any operating system utility.

    Below is a hypothetical example.

    proenv>sqlexp -db <dbname> -S <port> -user <user>

    Password for <user> to access <hostname>:<port>:<dbname>

  • Using sqlexp in batch mode — A SQL user can redirect the output of an echo or cat command to sqlexp via a pipe ('|'). This option is less secure than the one above.

    Below is a hypothetical example.

    echo mypassword | sqlexp -db <dbname> -S <port> -user <user_name> -infile <sql_script> -outfile <sql_output>

  • Using the genpassword utility — This option is for those who want to provide the password on the command line. Use the genpassword utility to generate an encrypted password instead of using the actual password. Then use the encrypted password in the SQL Explorer tool.

    If the password is test for user userA, then use the genpassword utility to get the OECH1 encrypted password for test.

    genpassword -password test

    <encrypted password>

    Take the encrypted password, prefix it with oech1::, and supply the result to the -password option of sqlexp.

    Below is a hypothetical example.

    sqlexp -db <dbname> -S <port> -user userA -password oech1::<encrypted password>
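To check whether running sessions still expose a password the way the ps listing in the problem description does, the following audit filter can be used. It is an added example, not Progress code. The function names, the `ps -eo user,pid,args` column layout and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Progress code): audit a process listing for SQL Explorer
# sessions that expose a cleartext -password value on the command line.

# Reads lines in `ps -eo user,pid,args` layout on stdin; prints "user pid"
# for each sqlexp/SQLExplorer process whose -password value is present and
# does not carry the oech1:: prefix described in the article.
find_exposed_passwords() {
    awk '
    /SQLExplorer|sqlexp/ {
        for (i = 3; i < NF; i++) {
            if ($i == "-password" && $(i + 1) !~ /^oech1::/) {
                print $1, $2
                break
            }
        }
    }'
}

# Constructed sample listing (users, PIDs, paths and values are made up).
sample_ps() {
    cat <<'EOF'
USER PID COMMAND
root 1001 /dlc/jdk/bin/java com.progress.sql.explorer.SQLExplorer -db dbname -S 5000 -user a123456 -password XXXXXX
appusr 1002 /dlc/jdk/bin/java com.progress.sql.explorer.SQLExplorer -db dbname -S 5000 -user userA -password oech1::0a1b2c3d
appusr 1003 /dlc/jdk/bin/java com.progress.sql.explorer.SQLExplorer -db dbname -S 5000 -user userB
a123456 1004 /dlc/bin/_prohlc -U a123456 -P -p procedurename.p -b
EOF
}

# Live use: ps -eo user,pid,args | find_exposed_passwords
sample_ps | find_exposed_passwords
```

Sessions started with the password prompt or with piped input have no -password argument and are not reported. A session using an oech1:: value is not reported either, although that value itself remains visible in the listing.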

Notes
Progress Article(s):

000010496, Can the values of -U and -P be encrypted?


References to Other Documentation:

Securely specifying a password in SQL Explorer
https://docs.progress.com/bundle/develop-openedge-sql/page/Securely-specifying-a-password-in-SQL-Explorer.html
Attachment 
Last Modified Date: 5/31/2019 9:15 PM