This bounty has ended. Answers to this question are eligible for a +100 reputation bounty. Bounty grace period ends in 13 hours.
Lieven Cardoen is looking for an answer from a reputable source.
I'm using oradim to create an instance. Althoug it works, when I use a space in the password, the command gives me next warning or error:
There must be no spaces around the equal-to (=) character.
Instance created.
The command I'm using is:
oradim -new -sid dbname -intpwd "S sypass123!" -startmode auto -srvcstart system -pfile C:\Oracle\19c_server\database\database\initdbname.ora
The sys user does seem to be created with that password, but do I need to worry about that error/warning message?
The message is coming from the orapwd command, which is used under the hood during database creation to create the external password file for SYS authentication. I'm not sure it has anything to do with your actual password, as that isn't included in that command. I'd have to see the specific command being generated, as well as the associated create database SQL command where the SYS password is actually set.
That said, using special characters in Oracle passwords is always a bit of a crap shoot. Success (or failure) depends very much on the specific tools being used, how they present the connection request to Oracle, and whether or not use of a command-line shell is involved (as when using sqlplus or sqlcl). Different operating systems react differently to specific characters that may be reserved or have special meaning (like "!", "$", "%", or "&"). I've worked with dozens of different OS variations over the years, and the only special character that seems to work universally across all of them, regardless of the tool or UI, is the underscore: "_".
It probably has to do with how DOS handles parameters. Following works:
oradim -new -sid dbname -intpwd "\"S sypass123!\"" -startmode auto -srvcstart system -pfile C:\Oracle\19c_server\database\database\initdbname.ora
Related
I am working on code which runs sql scripts with SqlPlus. Most of the scripts have DDL in them, which requires a / (forward slash) to run the buffer. Some of the scripts are missing the slash. I have tried running the script like #script.sql and then /, but it sometimes tries to create something twice. I want to run the show errors command at the end as well, and sometimes that caused trouble for me if the / was missing.
So, I changed to #script . (period) show errors. This works when the / is present in the file, but now if the / is missing in the file, if messes up by not creating the object.
We tried to have some logic to check for ends with / in the file, but that is a messy option in my opinion. I had false positives, and it isn't a perfect solution.
I thought about trying to run with another tool, but since the company I work for has released this already, and customers expect it to run with sqlplus, and may include commands that only work in sqlplus; that are not JDBC compliant, I don't think that is an adequate solution.
I am thinking now that if I could check if / had been run on the current buffer and do / only if it had not, that would be a great solution, perhaps perfect, but I can't find any documentation that such a command exists. Is there another way to solve the problem? Does such a command exist?
Thanks!
SQLPlus is pretty limited. There's no control mechanism to do an IF/THEN even if you determine whether the buffer had been sent.
One thing you can do is, before a script is run, you call
exec begin raise login_denied; end;
After the script, call
#show sqlcode
If that still shows 1017 (the error code for login_denied), then you can be pretty sure that the script didn't execute any SQL statement. You can use a user defined error code if you prefer, such as raise_application_error(-20123,'dummy');
Note that I included a # prefix in the show statement. That runs the command without affecting the contents of the buffer so if you find nothing has been executed, you could try running the buffer contents with the slash.
If you have a single script that contains multiple DDLs (eg a table plus indexes/grants/constraints...) then you still run the risk of not running a final command if it didn't have the slash.
So I have recently begun using the terminal on my Macbook air and was wondering if anyone could provide an explanation of the first 2 lines that pop up when you open Terminal. They are as follows:
Last login: Sat Feb 20 11:53:48 on ttys000
emilys-iphone-2:~ AidanTakami$
More specifically, who is emily and why is her iPhone shown on my terminal?
You will find no other piece of software on your macbook that allows you to do more than the terminal. It may not seem like it at first, looking at that simple prompt, but the terminal literally gives you the keys-to-the-kingdom.
That said, back to your two lines. The first is a standard login response telling you when and from where your user last logged into that machine (the data is usually read from /var/log/wtmp, see man last).
The second line, your prompt, is controlled by the PS1 shell variable (see man bash (or your shell's manual)). It can be configured to your liking using the various well-documented escape codes and any constant data you include. You can temporarily change the prompt by simply typing PS1=<your wanted string>. A helpful link is Prompt magic - IBM. My favorite is PS1="\[\e[0;37m\]\D{%R}\[\e[1;34m\] \h:\w> \[\e[0m\]", which results in a prompt containing the time , hostname and path information. (in a form that can be cut-and-pasted for shell operations (e.g. cp, mv, ssh, rsync, etc...) :
14:25 alchemy:~/dev/src-c/tmp/refmt>
(note: you can adjust the colors by changing the escape codes to set the color of choice. Also above \D{%R} is the formatted time, \h is the hostname and \w is the path information. The remaining escapes set the colors and \[\e[0m\] terminates a sequence of escape codes (necessary so the proper prompt length can be computed by the shell))
There are a number of shell variables that control how the PS1 prompt behaves, such as PROMPT_DIRTRIM (which controls how many directory levels are shown in the path component if included) This information is available in your shell's manual page. You can also set separate prompts for each user. For example, for root I generally use, PS1="\[\e[1;34m\][\[\e[1;31m\]\A \[\e[1;34m\]\h\[\e[0;31m\]:\w\[\e[1;34m\]] # \[\e[0m\]" which provides immediate visual indication that I am working as root (so you can do what you need, and quickly exit to your normal user again). e.g.:
[14:27 alchemy:.../src-c/tmp/refmt] #
To make your prompt changes permanent, set the desired value in your startup file (like in your ~/.bashrc for your individual user, or in the system startup file for all users)
Hope this has helped.
I manage my accounts for websites with KeePass. This tool generates highly complex passwords, such as d,ªL¹(ç,z/¬gSÑ~}ÄwÚÆ¡íµ¯ó]ó6õ?Ô£fß,.
Such a complex password I use for example for Red Hat’s OpenShift website.
OpenShift servers/applications can be managed best by using their rhc command line tool.
Now, while running rhc setup I have to enter my password. So I copy it into the clipboard and paste it into the shell, where rhc sits and waits for my PW. However, the password won’t get accepted.
The process of pasting probably causes some changes. I already tried doing chcp 1252 and chcp 65001 before running rhc setup. Unfortunately this also didn’t help. The only way to get it running was changing my password to a trivial one on the OpenShift website, then doing the setup, and then changing the password back to a complex one.
Anyways, now I want to log in to my applications via rhc ssh, which is asking for the password of my ssh keys. And as everyone can guess, my ssh key is protected by a password in the style above. This is no problem because pasting such passwords into Putty or other GUI applications works great.
So I wonder: is there a way how I can do safe pasting into windows shells?
I commend you on your passwords!
There's two major possibilities:
Some characters need to be escaped
Shift to a longer password without the escape-requiring characters
Escape the characters!
Code page fun, i.e. some characters are being transformed
Figure out the mapping and duplicate your KeePass entry with one that will map to the correct values for that login type
Shift to a longer password without the escape-requiring characters
Assuming your password (unlikely) is a 35 character password using all 256 possible 8 bit values, that's a maximum exhaustive keyspace of 256^35, roughly 2E84 or 2^280. You can achieve a slightly higher maximum exhaustive keyspace with a password of 43 charactres containing Upper, Lower, Number, and normal US keyboard symbols (94^43), or 48 characters containing Upper, Lower, and Number (62^48).
The Upper, Lower, Number password of length 48 shouldn't cause any problems with escaped characters, and is far less likely to cause problems with code page transforms.
Note that both of those are likely to be superior against the edge case of an attacker who knows which characters were actually used :).
Note also that even a 35 character password containing only Upper, Lower, and Number has a maximum exhaustive keyspace of 62^35, or 5.4E62, or 2^208; 208 bits is likely to substantially exceed the amount of security provided by your transport layer and/or their storage mechanism.
*All passwords in this math are assumed to be 100% cryptographically random!
I have a RHEL 5 system and have been trying to get a batch of 3-4 scripts each in a separate variables and they are not working as expected.
I tried using following syntax which I saw a lot of people on this site use and should really work, though for some reason it doesn't work for me.
Syntax -
testvar=`sqlplus -s foo/bar#SCHM <<EOF
set pages 0
set head off
set feed off
#test.sql
exit
EOF`
Now, I have access to the sqlplus command from the oracle bin folder and have also set the ORACLE_HOME and ORACLE_PATH variables exported (I echoed them just to ensure they are actually working).
However, I keep getting the error saying - "you need to set EXPORT for ORACLE_HOME" even though I have confirmed from everyone that I am indeed using the correct path.
Another question I have is once I get the script output (which is numeric number in bits or bytes) value in a variable (There will be 4-5 variables as there are 4-5 scripts), how do I convert into human readable output in either MBs or GBs.
Please guide me on this and I assure you that I will post everything here so that someone in future if gets stuck at the same issue, doesn't have waste time. (and your precious time won't go bad either...)
Thanks in advance,
Brian
I understand the difference between ASCII mode vs binary when it comes to FTP, but what I don't understand is why there is even a need for ASCII mode at all? Is this just a legacy thing that used to save time by eliminating the most significant bit, therefore causing the overall speed of the transfer to increase by 1/8th? Or is there some hidden use for it that I don't know about?
I've encountered many problems because I would forget to switch the mode to bin when transferring text between different OS's. I don't understand why "bin" isn't just the default for everything, especially with today's much faster internet speeds.
Knowwutimean, Vern?
ASCII mode exists so you can get the right answer when you upload a text file to a remote system without having to know what the line termination or character set conventions are for that system. It was more important when transferring text files was more often done via FTP than, say, email.
To address your practical problem: check the documentation for both your FTP client and server(s) to see if there's a way to set ASCII mode by default. Often this is as simple as some kind of "profile" that sends some FTP commands every time you connect.
To address your philosophical problem: FTP is a 40 year old protocol that has its fair share of historical baggage. One day you'll be very glad that some protocol you depend on was standardized long ago and you can still access some old data.
I, for one, vote to eliminate ascii mode from ftp servers. Any EOL translation can be done by applications consuming the files, and many apps today understand both EOL types anyway. At a minimum, I'd like to see servers switch to using binary by default, and only use ascii if requested.
One scenario of practical use of ASCII mode is to upload PHP or Perl or similar scripts from Windows development machine to Unix server. Use of Binary mode would require separate conversion of line ending sequences, while with ASCII mode conversion is performed "automatically".
Update: there's one more scenario that we have come across - when transferring data to/from mainframes that use EBCDIC encoding, ASCII mode tells the server to perform conversion between encodings.
Here's a practical example of a problem that comes from using a binary FTP connection. In php there are two types of comments:
// a single line comment like this
/* a block comment like this */
The block comment has a start and an end. But the single line comment just ends at the end of the line.
If you upload a php file with single line comments using a binary connection, the php will stop running as soon as it hits the single line comment. It doesn't recognise the end of the line as the end of the comment, so it effectively comments out the rest of your php script.
If however you use FTP in ASCII mode, it will correctly read the end of the line and will run your php code as expected.