I have a bash script in which I need to write my password to run a program. Other people can see it. Is there a way to write the password in a not too obvious way? Even if he can do the same command in bash and get the password, he can’t read it in text.
Today I do this:
PASSWORD="1234567"
program --pass=$PASSWORD
I want to do this
PASSWORD="10101001001010010101010100101" #binary or other code
NEW_PASS=`decrypt $PASSWORD`
program --pass=$NEW_PASS
Any idea?
What you’re asking for is not only evil — it simply won’t work.
All a user has to do to see your password is to run
bash -x your_script
and the output will include…no matter how effective the obfuscation might have been.
What’s the actual program you’re trying to call that needs a password? Can you hide your password behind a setuid wrapper, such that the wrapper can read the password file even if the user who runs it can’t? Can you (borrowing DigitalRoss’s suggestion) set up a user account which has a copy of the stored password (or, better, a certificate or keypair), configure it only to be able to run your script and nothing else over SSH, and give the users who should be able to run the script permissions to SSH as that user (or sudo to that user for only the single command, or so forth)?
Etc.
In short: Aim for real security, not obfuscation.
Now, if you did want obfuscation — the traditional approach is ROT-16:
…but if it’s a password you actually care about whatsoever, don’t obfuscate — use one of the approaches given above to avoid storing a password in a user-readable manner at all.
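An added example, not part of the original answer: the first function shows the `bash -x` trace exposing a password that the script stores only in encoded form, and the second sketches the answer's alternative of a secret file that only a dedicated account can read. The base64 encoding, the `svc_program` account, the file paths and the sudoers rule are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example. The secret, file paths and account names are constructed.

# 1. Why obfuscation fails: xtrace prints each command after expansion.
#    ":" stands in for the real program so the sketch runs anywhere.
trace_of_obfuscated_script() {
  bash -x -c 'PASSWORD="MTIzNDU2Nw=="   # base64 of the sample password
NEW_PASS=$(printf %s "$PASSWORD" | base64 -d)
: program --pass="$NEW_PASS"' 2>&1
}

# 2. The alternative: the secret lives in a file that only a service
#    account can read, and users reach it through one permitted command,
#    e.g. a sudoers rule such as (hypothetical names):
#      alice ALL=(svc_program) NOPASSWD: /usr/local/bin/run_program
#    This function is what that wrapper would call, running as svc_program.
read_secret() {
  local file mode
  file=$1
  mode=$(stat -c %a "$file") || return 1      # GNU stat (Linux assumed)
  case $mode in
    600|400) ;;                               # owner-only: acceptable
    *) echo "refusing $file: mode $mode lets others read it" >&2
       return 1 ;;
  esac
  [ -O "$file" ] || { echo "refusing $file: not owned by caller" >&2; return 1; }
  cat -- "$file"
}

# Wrapper body (commented out so the file can be sourced safely):
# secret=$(read_secret /etc/program/secret) && program --pass="$secret"
```

The trace returned by `trace_of_obfuscated_script` contains the line `+ : program --pass=1234567`, even though the cleartext never appears in the script source.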