What is the advantage of specifying an asestore key instead of a password to isql?

sladebe
Active Participant

I've read about the aseuserstore utility at:

help.sap.com/docs/SAP_ASE/2705a3b1e3df4514ab089cfedf87750d/740b5062301c48f4aa739e6c6fb6cd62.html?version=16.0.3.4

But I'm confused about its advantages.

As I understand it, instead of having to specify a username & password to isql, you can just specify the asestore key (using the isql -k option) that will automatically lookup the username/password and use them.

But in terms of security, what's the difference between having to specify a key and having to specify a password? I.e., don't I have to take all the same precautions to protect the asestore key as I do to protect the ASE password? I.e., if someone steals my password or if someone steals my asestore key, security is broken, right?

So for cron job scripts running isql, however they got the password for isql before, now they have to get the asestore key instead. Not really a big advantage.


Hi

I guess there are several things:

- Using the password in the command line can be displayed by anyone running in the same box. The username and password can then be easily used to connect to the server.

- The key itself, if captured from the command line, does not give you access to the server unless you also have the file that contains the username/password information. So, as long as this file is protected, the key by itself is useless. If you get both the key and the file stolen, then in fact the security is compromised.

Cheers

Carlos

sladebe
Active Participant

Re: Using the password in the command line can be displayed by anyone running in the same box

But I don't do that. I read the password into a shell variable then do something like this:

sqsh -SMYSERVER -DMyDB -Umylogin << HERE
$password
<SQL statements go here>
HERE
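
The distinction drawn in this thread, as an added example (not written by either poster and not SAP code): a shell audit that classifies isql and sqsh processes by what their command line exposes to other local users. It assumes the clients' `-P` option carries the password inline; the `ps` lines, server name, key name and password are constructed sample data.

```shell
#!/bin/sh
# Constructed sample of `ps -eo pid,user,args` output (not from a real host).
sample_ps() {
cat <<'EOF'
 4101 batch  isql -SMYSERVER -Umylogin -PS3cretPw -i nightly.sql
 4102 batch  isql -SMYSERVER -k nightly_key -i nightly.sql
 4103 batch  sqsh -SMYSERVER -DMyDB -Umylogin
 4104 batch  sqsh -S MYSERVER -U mylogin -P S3cretPw
 4105 alice  vi isql-notes.txt
EOF
}

# Read ps-style lines (pid user args...) on stdin and print
# "pid user client finding" for every isql or sqsh process.
#   password-in-argv       -P with a value: usable by anyone who can run ps
#   key-name-in-argv       -k with a key: useless without the protected store file
#   no-credential-in-argv  password supplied another way (prompt, here-document)
# Limitation: ps output loses quoting, so values containing spaces are not handled.
audit_cmdlines() {
  awk '
  {
    pid = $1; user = $2
    n = split($3, path, "/"); client = path[n]   # strip any directory prefix
    if (client != "isql" && client != "sqsh") next
    finding = "no-credential-in-argv"
    for (i = 4; i <= NF; i++) {
      if ($i == "-P" && i < NF) { finding = "password-in-argv"; break }
      if ($i ~ /^-P./)          { finding = "password-in-argv"; break }
      if ($i == "-k" || $i ~ /^-k./) finding = "key-name-in-argv"
    }
    print pid, user, client, finding
  }'
}

# Count the processes whose command line contains a password.
count_exposed() {
  audit_cmdlines | awk '$4 == "password-in-argv" { n++ } END { print n + 0 }'
}

# Run against the constructed sample; on a live host use:
#   ps -eo pid,user,args | audit_cmdlines
sample_ps | audit_cmdlines
```

Process 4103 matches the here-document form shown in the reply above: the password travels on standard input, so nothing sensitive appears in the process list, but the script still has to obtain and hold the password itself.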