Use nzpassword!

How to authenticate securely on Netezza.

Oct 03 2013

SQL

Motivation

Automating authentication to a Netezza database from a shell session could expose your credentials. If you write your password in your command line, other users could see your history. If you write your password in a file, it can be seen as well. Even if you set your NZ_PASSWORD environment variable, it can be seen by other users that have rights on /proc. The right and also the most comfortable way to perform a Netezza authentication is using nzpassword.

Requirements

I assume you are on a Linux host, with Netezza tools like nzpassword and nzsql, in your path. I recommend that Netezza tools are installed by root in the usual path, that is /usr/local/nz. So, if you don’t have nzpassword in your path, just to your .sh_profile something like this

Set your environment

export NZ_HOST=netezza-twinfin-1.mycompany.com
export NZ_USER=pippo
export NZ_DATABASE=system

It is not specify to specify a database to use nzpassword, but, it is a good idea, so you can test it immediatly.

Set everything, except NZ_PASSWORD. You can check your environment like this

$ env | grep NZ
NZ_USER=pippo
NZ_HOST=netezza-twinfin-1.mycompany.com
NZ_DATABASE=system

How to use nzpassword

List cached passwords

$ env | grep NZ
NZ_USER=pippo
NZ_HOST=netezza-twinfin-1.mycompany.com
NZ_DATABASE=system

Add a cached password

If you add a cached password you will be prompted to add password once and in a secure way. Since the environment is setted properly, it will be as easy as do

$ nzpassword add
Password:

Now you can see the authentication you just cached.

$ nzpassword
Host                           User
------------------------------ -------
netezza-skimmer-1.mycompany.com admin
netezza-twinfin-1.mycompany.com pippo

Test your cached authentication

Since the environment is setted properly, it will be as easy as do

$ nzsql
Welcome to nzsql, the Netezza SQL interactive terminal.
Type:  \h for help with SQL commands
       \? for help on internal slash commands
       \g or terminate with semicolon to execute query
       \q to quit
SYSTEM(PIPPO)=>

Remove a cached password

When you are done, just to

nzpassword delete

or even

nzpassword delete -all

You could also keep password cached and avoid writing Netezza users passwords in the config files of your scripts. That is the way nerds like it :)

Optimize Maxmind database loaded on Redshift using Analytical functions: If you need to associate an IP address to a country or a city probably you will use MaxMind data. If you load it in a relational database you will write a SQL statement that joins your traffic data with MaxMind data, which can be really heavy. This is an attempt to optimize queries by reducing the number of MaxMind data rows.
Redshift tips: I am using Redshift since two years ago, and as every database it has its SQL dialect and its secrets. I will write here everything I discover and it is worth to be annotated.
Getting started with PostGIS: PostGIS is a PostgreSQL extension that adds support for geographic objects allowing location queries to be run in SQL.
AWS Redshift compatible PostgreSQL client: How to install a PostgreSQL client (psql) that is compatible with AWS Redshift
S3 to RedShift loader: Load data from S3 to RedShift using Lambda, powered by apex. Our goal is: every time the AWS Elastic load balancer writes a log file, load it into RedShift.
How to drop a user on Netezza: You are trying to drop a user but Netezza complains cause it "owns objects"? This article shows how to solve this problem.
How to collect Netezza history: Collecting your Netezza query history is a mandatory step before optimization. Read this article to know how to collect Netezza history easily.
sqlplus tips: Tricks and tips about your everyday Oracle sqlplus usage.
How to install DBD::Oracle: I am going to put here all the steps required to install DBD::Oracle CPAN module, which is not a straightforward installation. The purpose is to reduce headache and turn it into a repeatable process.