Prevent password leakage while using sql* loader

I have shell script calling Sql*loader utility which inturn uses username/password as arguments. This details cannot be stored on server in any form due to security related policies. i got 2 approaches to handle this situation, 1. create hidden parameter file with login details and limit the access to owner. again the implication is i cannot s开发者_JAVA百科tore login data in any format on server 2. Create the user as OS authenticated and straight away login into sql without any userid/password I am not able to figure out risks involved in 2nd approach which u experienced folks could have come across. let me know if there is any other approach to handle password leakage issue

If you use windows, you can use DOS variables to store the password. Make two variables, called sqlldr_user and sqlldr_password (or call them sq_jfkd and sq_tral to not make it too obvious what it is). You can do this under System Properties (windows+break)->advanced->environment variables.

In your sqlldr batch file, use %sqlldr_user%/%sqlldr_pass@connectstring, control=my_control