SQL Explorer password security is designed to prevent exposure of sensitive credentials. When you use SQL Explorer, the password is specified using the -password option. The -password option also accepts passwords in clear text, which may be visible to system utilities. SQL Explorer password security mitigates such risks by ensuring passwords are not exposed to UNIX tools like ps or their Windows equivalents.

For SQL Explorer password security, the options are:
  • Prompt for password—The -password option in SQL Explorer is optional. If the password is not provided on the command line, the system prompts for it at runtime. While typing, the password remains hidden in the console and cannot be viewed by any operating system utility.
    For example, if you run the following command:
    sqlexp -db <dbname> -S <host> -user <username> 
    The following prompt appears:
    Password for <username> to access <hostname>:<port>:<dbname>:
  • Using sqlexp in batch mode—SQL users can redirect the output of the echo or cat command to sqlexp through the pipe ( | ) symbol. This method is less secure, as passwords may be captured in shell history or exposed to system monitoring tools. It should be avoided in production environments.
    For example:
    echo mypassword | sqlexp -db <dbname> -S <port> -user <username> -infile <sql_script> -outfile <sql_output>
  • Using genpassword utility—Use the genpassword utility to securely encode your passwords by specifying an encoding prefix, such as ae2h1. You can then use the encoded password in the SQL Explorer tool.
    For example, to generate an encoded password for the "test" string using the ae2h1 encoding prefix, run the following command from the command prompt:
    genpassword -prefix ae2h1 -password test 
    As a result, the genpassword utility generates an ae2h1 encoded password:
    ae2h1::e41027ea0710535e4bd4e2987d5647c95c1dd9988a7b5a4c18ec208017e7b67a9f4546afa452ff0d332f1fa703101923 

    You can now supply the encoded password to the -password option of the sqlexp utility.

    Syntax:
    sqlexp -db <dbname> -S <port> -user <username> -password <encoded_password>
    Example:
    sqlexp -db testdb -S 5555 -user userA -password ae2h1::e41027ea0710535e4bd4e2987d5647c95c1dd9988a7b5a4c18ec208017e7b67a9f4546afa452ff0d332f1fa703101923

    For more information, see genpassword and Encoding prefix.
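
The following audit check is an added example, not part of the product documentation or tooling. It classifies sqlexp processes in a ps-style listing by how the password reaches them, assuming encoded values always have the prefix::hex form shown above; the sample listing, the /opt/dlc/bin path and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): flag sqlexp invocations whose -password
# argument is visible in the process list as clear text.

# Constructed sample in the layout of `ps -eo pid,user,args`.
sample_ps_output() {
    cat <<'EOF'
  PID USER     COMMAND
 4101 userA    sqlexp -db testdb -S 5555 -user userA -password test
 4102 userA    /opt/dlc/bin/sqlexp -db testdb -S 5555 -user userA -password ae2h1::0123456789abcdef
 4103 userB    sqlexp -db testdb -S 5555 -user userB
 4104 userB    grep sqlexp
EOF
}

# Reads "pid user args..." lines on stdin and prints "pid user CLASS".
# The password value itself is never printed, so the report does not
# re-expose what it found.
audit_sqlexp_args() {
    awk '
    {
        # Field 3 is the executable; compare its basename to sqlexp.
        n = split($3, path, "/")
        if (path[n] != "sqlexp") next        # header line, grep, other tools

        class = "PROMPT_OR_STDIN"            # no -password in argv at all
        for (i = 4; i <= NF; i++) {
            if ($i != "-password") continue
            value = (i < NF) ? $(i + 1) : ""
            if (value == "")
                class = "NO_VALUE"
            else if (value ~ /^[a-z0-9]+::[0-9a-f]+$/)
                class = "ENCODED"            # assumed prefix::hex form
            else
                class = "CLEARTEXT"          # readable by anyone who can run ps
            break
        }
        print $1, $2, class
    }'
}

# Demo on the constructed sample. On a live host:
#   ps -eo pid,user,args | audit_sqlexp_args
sample_ps_output | audit_sqlexp_args
```

Processes reported as PROMPT_OR_STDIN received the password through the runtime prompt or a pipe, so nothing sensitive appears in their argument list.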