0

I just wanted to hide password in teradata mload script. So I encrypted the password and tried to logon like that...

.Accept id_pwd From Env var IdPwdStr // Decrypted string

.Logon &id_pwd;

It worked okay. But the password was not hide in the log file.

Logfile:

...

003 .Logon &id_pwd;

... *** UTY2402 Previous statement modified to:

005 .Logon id,pwd; // pwd visible

Is there any option to hide password in log file?

Original script was

.Logon id,pwd;

Logfile:

003 .Logon id,; //not display password

jandbond
  • 11
  • 5
  • 1
    Check out the "tdwallet" tool. See the "Security Administration" guide and the "Installation" documentation for your platform at https://docs.teradata.com – Fred Mar 11 '20 at 18:21
  • Is there any options not to display UTY2402 message? – jandbond Mar 12 '20 at 00:43
  • No. The password is suppressed for the actual logon, but when you use a script variable the resulting text after substitution is echoed to the log. – Fred Mar 12 '20 at 01:49
  • How com the original logon script is not echoed to the log? Logon id,pwd; Logfile: 003 .Logon id,; //not display password – jandbond Mar 12 '20 at 02:20
  • Another vote here for using tdwallet to manage this. It's the only near-100% sure way to store secret credentials without having to leak them through variables, scripts, logs, and whatnot. Not even the user under which the script is executing can see the credentials after they are stored. Any other workaround you try to mimic this is going to have a point of failure. – JNevill Mar 12 '20 at 13:11

0 Answers0