Oracle Tips by Burleson
Encrypting the dads.conf Passwords
The dads.conf file shows that the password is in
plain text, which is not the best option for purposes of security.
Oracle provides an obfuscation utility to encrypt the password. The
dadtool.pl perl script will make a copy of the dads.conf file and
modify the PlsqlDatabasePassword
configuration parameter to an encrypted format. This will prevent
anyone from being able to read the password from the dads.conf file.
To run the obfuscationtool,
navigate to the ORACLE_HOME\Apache\modplsql\conf
directory in a DOS prompt and run the following command:
This may require setting some environment
variables. To make it easy, I create a batch file to run the command.
Shown below are the contents of the file:
The encryptdad.* files should be saved in the same
directory as the dads.conf file described above. The dadTool.pl file
is also in this directory. The encryptdad.bat file can be run the
After running the obfuscation utility, the
PlsqlDatabasePasswordconfiguration parameter will be modified to something
At this point, the HTTP Server will have to be
stopped and restarted. For UNIX/Linux, the script created in Chapter
1 of this book can be used. For Windows, the Restart HTTP Server
shortcut created off the start menu can be used.
The above book excerpt is from:
HTML-DB Oracle Application Express
Dynamic Web Pages with OAE
Michael Cunningham & Kent