Enhance security documentation to prevent weak password usage

shakiyam · shakiyam · commit 1dd6bcdf2510 · 2025-08-29T08:29:36.000Z
diff --git a/install-Oracle-Database-19c-for-LINUX-ARM/README.md b/install-Oracle-Database-19c-for-LINUX-ARM/README.md
@@ -21,14 +21,32 @@ Download Oracle Database 19c for LINUX ARM software from [Oracle Database Softwa
 Configuration
 -------------
 
-Copy the file `dotenv.sample` to a new file named `.env` and modify the contents as needed.
+**⚠️ IMPORTANT**: Always create a `.env` file before running provision.sh. 
+Running without `.env` will use weak default passwords from `dotenv.sample`, creating a serious security risk.
 
+Create a secure `.env` file from the sample with proper permissions:
+
+```shell
+# Create .env with restricted permissions (owner read/write only)
+cp dotenv.sample .env
+chmod 600 .env
+
+# Edit the file and set a strong password (DO NOT use default 'oracle')
+vi .env
+```
+
+**Security Note**: The `.env` file contains sensitive information. Always:
+- Set file permissions to `600` (owner read/write only)
+- Use strong, unique passwords (avoid default 'oracle')
+- Never commit `.env` to version control (already in .gitignore)
+
+Example configuration:
 ```shell
 MEDIA=/mnt
 ORACLE_BASE=/u01/app/oracle
 ORACLE_CHARACTERSET=AL32UTF8
 ORACLE_HOME=/u01/app/oracle/product/19.19.0/dbhome_1
-ORACLE_PASSWORD=oracle
+ORACLE_PASSWORD=CHANGE_THIS_TO_STRONG_PASSWORD
 ORACLE_PDB=pdb1
 ORACLE_SAMPLESCHEMA=TRUE
 ORACLE_SID=orcl
diff --git a/install-OracleDatabase11.2/README.md b/install-OracleDatabase11.2/README.md
@@ -22,15 +22,33 @@ Download Oracle Database 11g Release 2 (11.2.0.4) software from [My Oracle Suppo
 Configuration
 -------------
 
-Copy the file `dotenv.sample` to a new file named `.env` and modify the contents as needed.
+**⚠️ IMPORTANT**: Always create a `.env` file before running provision.sh. 
+Running without `.env` will use weak default passwords from `dotenv.sample`, creating a serious security risk.
 
+Create a secure `.env` file from the sample with proper permissions:
+
+```shell
+# Create .env with restricted permissions (owner read/write only)
+cp dotenv.sample .env
+chmod 600 .env
+
+# Edit the file and set a strong password (DO NOT use default 'oracle')
+vi .env
+```
+
+**Security Note**: The `.env` file contains sensitive information. Always:
+- Set file permissions to `600` (owner read/write only)
+- Use strong, unique passwords (avoid default 'oracle')
+- Never commit `.env` to version control (already in .gitignore)
+
+Example configuration:
 ```shell
 MEDIA=/mnt
 ORACLE_BASE=/u01/app/oracle
 ORACLE_CHARACTERSET=AL32UTF8
 ORACLE_EDITION=EE
 ORACLE_HOME=/u01/app/oracle/product/11.2.0.4/dbhome_1
-ORACLE_PASSWORD=oracle
+ORACLE_PASSWORD=CHANGE_THIS_TO_STRONG_PASSWORD
 ORACLE_SAMPLESCHEMA=TRUE
 ORACLE_SID=orcl
 ```
diff --git a/install-OracleDatabase12.1/README.md b/install-OracleDatabase12.1/README.md
@@ -22,14 +22,32 @@ Download Oracle Database 12c Release 1 (12.1.0.2) software from [My Oracle Suppo
 Configuration
 -------------
 
-Copy the file `dotenv.sample` to a new file named `.env` and modify the contents as needed.
+**⚠️ IMPORTANT**: Always create a `.env` file before running provision.sh. 
+Running without `.env` will use weak default passwords from `dotenv.sample`, creating a serious security risk.
 
+Create a secure `.env` file from the sample with proper permissions:
+
+```shell
+# Create .env with restricted permissions (owner read/write only)
+cp dotenv.sample .env
+chmod 600 .env
+
+# Edit the file and set a strong password (DO NOT use default 'oracle')
+vi .env
+```
+
+**Security Note**: The `.env` file contains sensitive information. Always:
+- Set file permissions to `600` (owner read/write only)
+- Use strong, unique passwords (avoid default 'oracle')
+- Never commit `.env` to version control (already in .gitignore)
+
+Example configuration:
 ```shell
 MEDIA=/mnt
 ORACLE_BASE=/u01/app/oracle
 ORACLE_CHARACTERSET=AL32UTF8
 ORACLE_HOME=/u01/app/oracle/product/12.1.0.2/dbhome_1
-ORACLE_PASSWORD=oracle
+ORACLE_PASSWORD=CHANGE_THIS_TO_STRONG_PASSWORD
 ORACLE_PDB=pdb1
 ORACLE_SAMPLESCHEMA=TRUE
 ORACLE_SID=orcl
diff --git a/install-OracleDatabase12.2/README.md b/install-OracleDatabase12.2/README.md
@@ -21,15 +21,33 @@ Download Oracle Database 12c Release 2 (12.2.0.1) software from [Oracle Software
 Configuration
 -------------
 
-Copy the file `dotenv.sample` to a new file named `.env` and modify the contents as needed.
+**⚠️ IMPORTANT**: Always create a `.env` file before running provision.sh. 
+Running without `.env` will use weak default passwords from `dotenv.sample`, creating a serious security risk.
 
+Create a secure `.env` file from the sample with proper permissions:
+
+```shell
+# Create .env with restricted permissions (owner read/write only)
+cp dotenv.sample .env
+chmod 600 .env
+
+# Edit the file and set a strong password (DO NOT use default 'oracle')
+vi .env
+```
+
+**Security Note**: The `.env` file contains sensitive information. Always:
+- Set file permissions to `600` (owner read/write only)
+- Use strong, unique passwords (avoid default 'oracle')
+- Never commit `.env` to version control (already in .gitignore)
+
+Example configuration:
 ```shell
 MEDIA=/mnt
 ORACLE_BASE=/u01/app/oracle
 ORACLE_CHARACTERSET=AL32UTF8
 ORACLE_EDITION=EE
 ORACLE_HOME=/u01/app/oracle/product/12.2.0.1/dbhome_1
-ORACLE_PASSWORD=oracle
+ORACLE_PASSWORD=CHANGE_THIS_TO_STRONG_PASSWORD
 ORACLE_PDB=pdb1
 ORACLE_SAMPLESCHEMA=TRUE
 ORACLE_SID=orcl
diff --git a/install-OracleDatabase18/README.md b/install-OracleDatabase18/README.md
@@ -21,15 +21,33 @@ Download Oracle Database 18c (18.3) software from [Oracle Software Delivery Clou
 Configuration
 -------------
 
-Copy the file `dotenv.sample` to a new file named `.env` and modify the contents as needed.
+**⚠️ IMPORTANT**: Always create a `.env` file before running provision.sh. 
+Running without `.env` will use weak default passwords from `dotenv.sample`, creating a serious security risk.
 
+Create a secure `.env` file from the sample with proper permissions:
+
+```shell
+# Create .env with restricted permissions (owner read/write only)
+cp dotenv.sample .env
+chmod 600 .env
+
+# Edit the file and set a strong password (DO NOT use default 'oracle')
+vi .env
+```
+
+**Security Note**: The `.env` file contains sensitive information. Always:
+- Set file permissions to `600` (owner read/write only)
+- Use strong, unique passwords (avoid default 'oracle')
+- Never commit `.env` to version control (already in .gitignore)
+
+Example configuration:
 ```shell
 MEDIA=/mnt
 ORACLE_BASE=/u01/app/oracle
 ORACLE_CHARACTERSET=AL32UTF8
 ORACLE_EDITION=EE
 ORACLE_HOME=/u01/app/oracle/product/18.3.0/dbhome_1
-ORACLE_PASSWORD=oracle
+ORACLE_PASSWORD=CHANGE_THIS_TO_STRONG_PASSWORD
 ORACLE_PDB=pdb1
 ORACLE_SAMPLESCHEMA=TRUE
 ORACLE_SID=orcl
diff --git a/install-OracleDatabase19/README.md b/install-OracleDatabase19/README.md
@@ -21,15 +21,33 @@ Download Oracle Database 19c (19.3) software from [Oracle Database Software Down
 Configuration
 -------------
 
-Copy the file `dotenv.sample` to a new file named `.env` and modify the contents as needed.
+**⚠️ IMPORTANT**: Always create a `.env` file before running provision.sh. 
+Running without `.env` will use weak default passwords from `dotenv.sample`, creating a serious security risk.
 
+Create a secure `.env` file from the sample with proper permissions:
+
+```shell
+# Create .env with restricted permissions (owner read/write only)
+cp dotenv.sample .env
+chmod 600 .env
+
+# Edit the file and set a strong password (DO NOT use default 'oracle')
+vi .env
+```
+
+**Security Note**: The `.env` file contains sensitive information. Always:
+- Set file permissions to `600` (owner read/write only)
+- Use strong, unique passwords (avoid default 'oracle')
+- Never commit `.env` to version control (already in .gitignore)
+
+Example configuration:
 ```shell
 MEDIA=/mnt
 ORACLE_BASE=/u01/app/oracle
 ORACLE_CHARACTERSET=AL32UTF8
 ORACLE_EDITION=EE
 ORACLE_HOME=/u01/app/oracle/product/19.3.0/dbhome_1
-ORACLE_PASSWORD=oracle
+ORACLE_PASSWORD=CHANGE_THIS_TO_STRONG_PASSWORD
 ORACLE_PDB=pdb1
 ORACLE_SAMPLESCHEMA=TRUE
 ORACLE_SID=orcl
diff --git a/install-OracleDatabase21/README.md b/install-OracleDatabase21/README.md
@@ -21,15 +21,33 @@ Download Oracle Database 21c (21.3) software from [Oracle Database Software Down
 Configuration
 -------------
 
-Copy the file `dotenv.sample` to a new file named `.env` and modify the contents as needed.
+**⚠️ IMPORTANT**: Always create a `.env` file before running provision.sh. 
+Running without `.env` will use weak default passwords from `dotenv.sample`, creating a serious security risk.
 
+Create a secure `.env` file from the sample with proper permissions:
+
+```shell
+# Create .env with restricted permissions (owner read/write only)
+cp dotenv.sample .env
+chmod 600 .env
+
+# Edit the file and set a strong password (DO NOT use default 'oracle')
+vi .env
+```
+
+**Security Note**: The `.env` file contains sensitive information. Always:
+- Set file permissions to `600` (owner read/write only)
+- Use strong, unique passwords (avoid default 'oracle')
+- Never commit `.env` to version control (already in .gitignore)
+
+Example configuration:
 ```shell
 MEDIA=/mnt
 ORACLE_BASE=/u01/app/oracle
 ORACLE_CHARACTERSET=AL32UTF8
 ORACLE_EDITION=EE
 ORACLE_HOME=/u01/app/oracle/product/21.3.0/dbhome_1
-ORACLE_PASSWORD=oracle
+ORACLE_PASSWORD=CHANGE_THIS_TO_STRONG_PASSWORD
 ORACLE_PDB=pdb1
 ORACLE_SAMPLESCHEMA=TRUE
 ORACLE_SID=orcl
