Re: Hiding a password in code.



On 6/30/08, Dana Merrick <dmerrick@xxxxxxx> wrote:
Michael Morin wrote:

Store your password in an encrypted file. When you start the script up,
enter the encryption password to decrypt the file so your Ruby script can
grab it and keep it in memory. It won't be stored in plaintext in the file
(but will probably end up in swap if you're really paranoid).

This is about as effective as entering the password as the script starts,
come to think of it. This has always been a problem. You can't store the
password to be retrieved automatically; the best you can do is obfuscate it.
And you're right, never give passwords on the command-line. Scripts that
need passwords should read them from keyboard or STDIN. Especially if
you're on a shared machine.


These are excellent points. The reason I haven't done this is that I'd like
to have my script be able to run without action from me, in the background.

I suppose I just need to accept the fact that I'm asking to do something
inherently insecure in an interpreted language. I'm pleased enough with this
solution:

    form['password'] = @options[:pass] ||
      "AvprGel".tr("A-Za-z","N-ZA-Mn-za-m")

"Interpreted language" is pretty much irrelevant though. The hackers
that be can pull hardcoded passwords out of compiled code very quickly
and easily.

Gnome solves this situation by using the Gnome login to open an
encrypted keyring which stores passwords to things like Wireless
networks. There should be a way for a Ruby program to leverage this
functionality.

Les
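
The encrypted-file approach Michael Morin describes above, as an added example that is not part of the original thread: the secret is sealed with AES-256-GCM under a key derived from a passphrase, and the passphrase is read from the terminal or STDIN rather than the command line. The function names, blob layout, PBKDF2 parameters and sample values are assumptions.

```ruby
require "openssl"
require "io/console"

# Added example; names, blob layout and KDF parameters are assumptions.
SALT_LEN, IV_LEN, TAG_LEN = 16, 12, 16
HEADER = SALT_LEN + IV_LEN + TAG_LEN
ITERATIONS = 200_000
AAD = "secret-file-v1" # format label: authenticated, not encrypted

def derive_key(passphrase, salt)
  OpenSSL::KDF.pbkdf2_hmac(passphrase, salt: salt, iterations: ITERATIONS,
                           length: 32, hash: "sha256")
end

# Returns salt || iv || tag || ciphertext as one binary string to write to disk.
def seal_secret(secret, passphrase)
  salt = OpenSSL::Random.random_bytes(SALT_LEN)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = derive_key(passphrase, salt)
  iv = cipher.random_iv # fresh 12-byte nonce for every seal
  cipher.auth_data = AAD
  ct = cipher.update(secret) + cipher.final
  salt + iv + cipher.auth_tag + ct
end

# Raises OpenSSL::Cipher::CipherError on a wrong passphrase or a modified blob.
def open_secret(blob, passphrase)
  raise ArgumentError, "blob too short" if blob.bytesize <= HEADER
  salt = blob.byteslice(0, SALT_LEN)
  iv   = blob.byteslice(SALT_LEN, IV_LEN)
  tag  = blob.byteslice(SALT_LEN + IV_LEN, TAG_LEN)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = derive_key(passphrase, salt)
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = AAD
  pt = cipher.update(blob.byteslice(HEADER, blob.bytesize - HEADER)) + cipher.final
  pt.force_encoding("UTF-8")
end

# Reads the passphrase without echo from a terminal, or from piped STDIN; never ARGV.
def read_passphrase(io = $stdin)
  line = (io.respond_to?(:noecho) && io.tty?) ? io.noecho(&:gets) : io.gets
  line.to_s.chomp
end
```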
