Data Masker

Login Substitution for the Oracle Command-line

Background

This article is a part of the series on Command Line Automation. For details on the feature, please review this article first.

Contents

Quick Syntax

Using TNSNames

<DummyLogin>@<TNSSpecificName>||<RealLogin>/<RealPassword>@<OtherTNSSpecifName>

Using TCP Connection

<DummyLogin>@[{Server}:{Port}:{DB or Service}]||<RealLogin>/<RealPassword>@[{Server}:{Port}:{DB or Service}]


Example 1 - Connecting via TNS Names

Given a Rule Controller configured with a login of UserName and a TNS name of TnsName

and a parameter file containing the following: LOGINSUB=UserName@TnsName||DataMasker/ItIsSecret@RealTNSName

then Data Masker would check each Rule Controller in the masking set, configuring the login information to be

  • Login Name: DataMasker
  • Password: ItIsSecret
  • TNSName: RealTNSName

The dummy values serving as place holders for the real information and allow the appropriate Rule Controller to be updated at run time.



Example 2 - Connecting via TCP/IP

Similarly when connecting via TCP with port 1521 to server localhost and database database1 we can author the following parameter file:

LOGINSUB=SYS@[localhost:1234:database1]||DataMasker/ItIsSecret@[oracle-dbs.mydomain.com:1234:db12]

... which would configure the above example as following:

  • Login Name: DataMasker
  • Password: ItIsSecret
  • Host Name or IP: oracle-dbs.mydomain.com
  • Port: 1234
  • Service Name: db12


Supporting multiple Rule Controllers

A masking set can have multiple Rule Controllers. In that circumstance, multiple substitution parameters can be configured as shown below:

LOGINSUB=FOO@BAR||DataMasker/ItIsSecret@RealTNSName
LOGINSUB=FOO@[BAR:1234:BAZ]||DataMasker/ItIsSecret@[RealServer:RealPort:RealDatabase]

If more than one login substitution is required by the masking set, simply use multiple LOGINSUB lines in the parameter file as illustrated in the example above.

The Data Masker Command Line Processor uses delimiter characters ('@', '[', ']', ':' and '=') to determine the various components of the login name, password, database, server and TNS name in the Login and Database substitution parameters. If the contents of a login substitution parameter require the use of any of these characters (for example a password is "myp@ss") the presence of the delimiters will disrupt the interpretation and processing of the command line.


Didn't find what you were looking for?