Whenever viewing the scheduled task in the Task Scheduler Library (Windows 2008 Server R2), if you click on the "Actions" tab and expand the information under 'Details', it makes apparent the database username and password to access our system, which creates huge concerns. We would like to inquire if there's any suggested ways around this as it technically puts us out of compliance statuses we are required to adhere to.
The Windows Task Scheduler simply executes the action that has been set.
Since this Export (exp.exe) Oracle program is a command line execution, windows cannot mask the password information of this command because simply the command would not execute. If so, it would generate an error (ORA-01017: invalid username/password; logon denied).
This sensitive information has to be in the execution string to be executed.
The security of this information is maintained by the Windows OS login credentials of the server in the Task Wizard’s schedule to run later section.
One might be able to find additional security options under Windows' Task’s General tab. Pressing F1 gives the background on the Task Security Context.
There is not much Toad for Oracle can do about this. Toad for Oracle calls the Oracle Export program and fills in the appropriate string parameters. Oracle’s Export programs need these parameters to execute the command line program.
