dadenn has asked for the wisdom of the Perl Monks concerning the following question:

I have a Perl-Tk script that uses frame/checkbox/Entry widget to ask for a new LDAP password. I use show=>'*' to mask the actual password. I have over 300 group accounts that have complex passwords and have to change every 180 days. We make up an excel spreadsheet (password protected) to create the new passwords, then copy/paste them into the script. I need a way to toggle from the masked password to the clear text password to ensure the copy/paste was what I expected before I issue the LDAP command to alter it. Is this even possible?

Replies are listed 'Best First'.
Re: show/hide an Entry field
by hippo (Archbishop) on Jun 29, 2016 at 08:20 UTC
    We make up an excel spreadsheet (password protected) to create the new passwords, then copy/paste them into the script.

    No doubt you have an excellent reason for doing it in this horribly inefficient manner but for the life of me I cannot imagine what that might be. Care to share?

    I would forget all about Tk for this and just export the data to a temporary CSV, slurp it in and change them all automatically. If (unlike me) you like working with MS Excel directly you can probably even omit the CSV step.

[reply]
      Would you care to come up with 300+ passwords every 6 months that are a minimum of 12 characters, 2 uppercase, 2 lowercase, 2 special characters, 2 numeric with no more than three of any type together? And remember them? And never repeat any password for 24 months? I already created an LDAP GUI to assist in running commands in four domains and using the Perl-Tk GUI to change those 300+ passwords in 4 LDAP domains saves A LOT of time. If I can verify that the copy/paste is correct, that would also save a lot of time.
[reply]

        Would you care to come up with 300+ passwords every 6 months that are a minimum of 12 characters, 2 uppercase, 2 lowercase, 2 special characters, 2 numeric with no more than three of any type together? And remember them? And never repeat any password for 24 months? I already created an LDAP GUI to assist in running commands in four domains and using the Perl-Tk GUI to change those 300+ passwords in 4 LDAP domains saves A LOT of time. If I can verify that the copy/paste is correct, that would also save a lot of time.

        One person with 300+ passwords?

        If that is the case, why hide the passwords at all?

        Why wouldn't the passwords be identical ? If copy/paste can fail, how can you trust Tk to hide/show without corrupting... how can you trust any part of the program?

[reply]
Re: show/hide an Entry field
by Anonymous Monk on Jun 29, 2016 at 02:04 UTC 
    #!/usr/bin/perl

# http://perlmonks.org/?node_id=1166828

use strict;
use warnings;
use Tk;

my $alt = 0;

my $mw = new MainWindow;
my $e = $mw->Entry(-show => '*',
  )->pack();
$mw->Button(-text => 'Toggle',
  -command => sub { $e->configure( -show => $alt++ % 2 ? '*' : '' ) },
  )->pack();

MainLoop;

    [download]
[reply]
[d/l]
      I don't believe this method works with frame/Entry/configure does it?
[reply]

        Don't go by belief. Go by test and verify.

[reply]

        Show your code.

[reply]
Re: show/hide an Entry field
by Laurent_R (Canon) on Jun 29, 2016 at 06:22 UTC
    I am not an expert in this field, but that does not sound very secure to me as a process if it is so easy to find the clear text password.
[reply]
      Please don't worry, the password protected spreadsheet is accessible only by root as well
[reply]

Back to Seekers of Perl Wisdom