protecting password in Argbatch

I?m using Argbatch to start, stop and backup a database, and have created three .cmd files in windows to do this task. Since the Argbatch requires a password to do these tasks, the password is reviled if users can read the .cmd files. Authorized users are allowed to start and stop the database, and the administrator/system is allowed to backup the database. Only the administrator should be allowed to see the password.

For the backup .cmd file this is easy since I can set the permissions in windows, so that only the administrator/system is allowed to read and execute the .cmd file.

But with the start and stop of the database I can?t do the same trick since I, as far as I know, can?t set only a Execute permission. I can only select a Read and Execute permission, which means the password is potential reviled to users.

Is there a solution to this? For example:
- Some way to set only a Execute permission (and not Read permission) on a .cmd file
- A way to hide the password to Argbatch (for example by creating a service in windows 2000 and then pars the password from the service to the .cmd file)
- Set the permission in Tamino, so that all Authorized users can start and stop a database (but nothing else)

I?m using Tamino 3.1.2.1 under windows 2000

Many regards from

Ole Engele Nielsen
Manager

InterResearch A/S - Trekronergade 126 F - 2500 Valby
Phone: +45 70 27 28 72 - Mobile: +45 20 10 21 74 - Fax: +45 36 14 80 20
E-mail: oen@interresearch.dk - Homepage: http://www.interresearch.net/

Hi Ole,
In the documentation for System Management Hub(Tamino manager;-) you’ll find the following description of how to use environment variables for storing uid/pw:
Batch Authentication
For the target node, a user and a password must be specified. There are three ways to define the target user and password:
----
Directly as parameters in the batch command:
e.g. start database user=abc password=defghijk …
This setting has the highest priority. If a target user and password are specified in this way, any other settings will be ignored.
With the environment variables ARGBATCH_USER and ARGBATCH_PASSWORD. If these two environment variables have been defined on the client side, their values will be taken. Specifying user and password directly as parameters in the batch command will override these values (as stated above).
By specifying of the target user with the setEnvironment statement (see environment). If no user and password information has been specified with the other two methods, the user and password information set here will be applied.
It is possible to pipe one or more batch commands into the batch client if they are specified in a file separated by semicolons. e.g.: argbatch < commands.in > commands.out

Finn