Scripting help/advice on hiding/masking username/password
Hi,
I currently have a UNIX script with a function that uses a username and password to connect to the database, retrieve some information and then exit.
At the moment, I am getting the username and password from a hidden plain text file with permissions set to -r--------, i.e. read-only to whoever owns the file.
The owner of the file is the same as the owner of the script. At the moment, I am not overly concerned as the script works as it is, but I want to know if anyone has a suggestion for a better way of achieving the same thing with some "form" of security, for example, masking the username/password.
Basically, I want to be able to mask or hide the username or password in some way. I've thought about using the simple crypt command to encrypt the password file, which is in plain text and from which I retrieve the username and password, but I need to decrypt it as well, which is sort of similar to how it is now once it is decrypted.
Is there any way that I can get a username and password in some gibberish format and then translate them into something usable which can be passed on to the next command that requires the username/password?
Any advice or suggestion will be very much appreciated. Some kind of starting point to test with, I suppose ...
Thanks in advance.
Well, I'd never save user IDs/passwords in a clear text file, no matter what. Very simple to find a 'hidden' file, and compromise it.
In my software, I will use PGP and a strong cipher, to encrypt the license code, etc., and have my programs decrypt it, then look at what it spits out. If the key is missing, changed, etc., the programs don't run. You could do that for a shell-script as well. That'd be more secure, since you could prompt the user for the PGP decrypt key/password, and the file that's on the drive is pretty safe.
The best way to do it, in my opinion, would be to prompt for the user ID/password each time, and not save ANYTHING on the drive. Especially for a shell script. But I think that as long as you're using a shell script, or anything that's not compiled, it's going to be insecure. Since the shell script is basically clear-text, an extra line or two could be inserted easily, to write the passwords/IDs to another file, send them to someone via email, etc. Even if you encrypt it, they can easily see the variable that you're calling, and just burp it out somewhere else, rendering all the encryption pointless.
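The two approaches discussed in this thread, as an added example that is not part of the original posts: the owner-only credential file from the question, verified before it is trusted, with a fallback to the prompt-each-time approach from the reply when no file exists. The `username:password` file format, the `.dbcreds` name, the function names and `db_client` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; file format "username:password" on one line is an assumption.

# Reject a credential file that is a symlink, owned by someone else,
# or has any group/other permission bits set.
check_cred_file() {
    local f="$1" mode owner
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "not a regular file: $f" >&2; return 1; }
    mode=$(stat -c '%a' "$f") || return 1     # GNU stat, octal mode, e.g. 400
    owner=$(stat -c '%u' "$f") || return 1
    [ "$owner" = "$(id -u)" ] || { echo "wrong owner: $f" >&2; return 1; }
    case $mode in
        0|*00) return 0 ;;                    # group and other digits are both 0
        *) echo "mode $mode too open: $f" >&2; return 1 ;;
    esac
}

# Ask on the terminal; nothing is written to disk.
prompt_creds() {
    printf 'DB user: ' >&2; IFS= read -r DB_USER
    printf 'DB password: ' >&2
    stty -echo; IFS= read -r DB_PASS; stty echo   # no echo while typing
    printf '\n' >&2
}

# Sets DB_USER and DB_PASS from the file if it exists, else from a prompt.
load_creds() {
    local f="$1" line=
    if [ -e "$f" ]; then
        check_cred_file "$f" || return 1
        IFS= read -r line < "$f" || [ -n "$line" ] || return 1
        case $line in
            *:*) DB_USER=${line%%:*}; DB_PASS=${line#*:} ;;  # password may contain ':'
            *) echo "bad format: $f" >&2; return 1 ;;
        esac
    else
        prompt_creds
    fi
}

# Feed the password to a child on stdin so it is not in the argument
# list that ps shows. printf is a shell builtin, so no argv carries it.
with_pass_on_stdin() { printf '%s\n' "$DB_PASS" | "$@"; }

# Usage (db_client is a placeholder for a client that reads the password from stdin):
#   load_creds "$HOME/.dbcreds" && with_pass_on_stdin db_client --user "$DB_USER"
```

The check only confirms that other local users cannot read the file; anyone who can run as the owner, or edit the script itself, still sees the credentials, which is the limit the reply above describes.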