

How to Obscure Command Line Passwords
Authored by: cyberdave on Jul 06, '10 02:46:01PM

I don't know why one would jump through the hoops to use Perl for this, when it can be done just as easily in the shell itself (in fact it's doing exactly the same thing, without the overhead of launching the Perl interpreter).

This code will prompt for a password and store it in an environment variable called PASSWORD, without your typing being echoed back:

stty -echo && echo -n "Enter password: " && read PASSWORD ; stty sane 

(Note that, with shell scripting, the 'command1 && command2' syntax will execute command2 if command1 completes successfully, which makes sense in this case for turning off echo and reading the password; we always want to execute 'stty sane' to reset the shell to sane defaults if, e.g., the user hits Ctrl-C instead of typing in a password, so it's chained with ';' instead of '&&')

Here it is in action:

cyberdave@laptop] stty -echo && echo -n "Enter password: " && read PASSWORD ; stty sane
Enter password:
cyberdave@laptop] echo $PASSWORD
Sekrit

You can, of course, change 'PASSWORD' to whatever variable needs to be set (e.g., "read XGRID_CONTROLLER_PASSWORD")

Note that, as another user commented, the right flags to 'ps' will show you command-line arguments, so be wary of passing passwords in this manner. Since it's an environment variable in the shell, one could probably also find it somewhere in the shell process's memory if one were to go digging (though I've not tried this).



How to Obscure Command Line Passwords
Authored by: SOX on Jul 06, '10 02:59:13PM

First, it's weird to say Perl is jumping through hoops when, by using Perl, you can do much more complicated things if you so desired.

Second, this is merely the illustration of the basic concept of how to obscure passwords by loading them using a script. The language used to do the loading is merely a detail.



How to Obscure Command Line Passwords
Authored by: cyberdave on Jul 06, '10 05:01:20PM

Don't get me wrong, I love Perl and I use it all the time... but there's also 'the right tool for the job', and in this particular example, using a bit of Perl that consists basically of two system() calls and exporting an environment variable back to your shell is overkill when you can do all that without leaving the shell, with simpler code (at least to someone like me, who is comfortable with both shell scripting and Perl scripting).

Now, if I happened to have some Perl code that could interact with the Keychain more cleanly than dealing with the 'security' command and parsing its output, then, yeah, I'd probably be using that instead of a complicated bit of shell scripting (and I'd be arguing "hey, just do it in Perl!" if this was a hint showing the excessively complicated way).

But as far as this hint goes, which when I first read it, seems to really be about reading a password in the shell and assigning it to a variable without echoing your typing, I still say the shell version is better. Now, if you (not you personally) wanted to take this hint and expand on it and turn it into a more advanced tutorial (like 1: the basic method of how to read a password at the command line and store it in an environment variable, then 2: do the same thing in Perl, then 3: demonstrate how to do more advanced things in the Perl version, and 4: make it suitably generic (though the subject suggests otherwise, this one is really geared towards the Xgrid use case, and being able to use the same method elsewhere is added on somewhat as an afterthought) so everyone could see the different ways of doing it and choose the variation that's best suited for what they're trying to do, then we'd all be happy(er). :)



How to Obscure Command Line Passwords
Authored by: ambrose on Jul 06, '10 04:14:34PM

In those cases where a #!script is invoked via /bin/sh, the builtin echo command behaves differently than when the script is invoked via /bin/bash -- it will not recognize the -n argument. To suppress the newline character in such circumstances, the string to be echoed should be followed by '\c'.



How to Obscure Command Line Passwords
Authored by: kps on Jul 10, '10 10:51:16AM
In this context, use
stty echo
rather than
stty sane
The latter may also change other settings.

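The points raised across this thread (no echo while typing, a prompt that works under plain /bin/sh, and restoring only the terminal setting that was changed, even after Ctrl-C) can be combined in one helper. This is an added example, not code from any of the commenters; the function name `read_secret` and its internal variable names are hypothetical.

```shell
#!/bin/sh
# Added example. Usage: PASSWORD=$(read_secret "Enter password: ")
# The prompt goes to stderr, so only the secret is captured by $(...).

read_secret() {
    # $1 = prompt text
    _rs_saved=""
    if [ -t 0 ]; then
        # Save the exact terminal state; restoring it undoes only what we
        # change here, unlike 'stty sane', which resets other settings too.
        _rs_saved=$(stty -g)
        # Restore on Ctrl-C or TERM as well, then exit with the usual
        # interrupted status. Note: this replaces any INT/TERM trap the
        # caller had set and leaves them at their defaults afterwards.
        trap 'stty "$_rs_saved"; trap - INT TERM; exit 130' INT TERM
        stty -echo
    fi

    # printf is portable; 'echo -n' is not honoured by every /bin/sh.
    printf '%s' "$1" >&2

    # IFS= and -r keep leading/trailing spaces and backslashes intact.
    _rs_status=0
    IFS= read -r _rs_secret || _rs_status=$?

    if [ -n "$_rs_saved" ]; then
        stty "$_rs_saved"
        trap - INT TERM
        printf '\n' >&2   # the user's Enter key was not echoed
    fi

    # Propagate EOF or read errors instead of returning an empty secret.
    [ "$_rs_status" -eq 0 ] || return "$_rs_status"
    printf '%s\n' "$_rs_secret"
}
```

When standard input is not a terminal (for example, input piped in from another program), the `stty` calls are skipped and the line is read as-is.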