in reply to plaintext password in scripts run through cron

Just to supply a paranoid alternative...you could always write yourself a small daemon that kicks off the scripts for you instead of cron (and have it parse a cron-style file). When you start up your daemon, have it prompt for the necessary passwords, or set them as environment variables. That way you don't have to store the passwords at all, but you will have to make sure you remember to restart the daemon manually if the machine gets rebooted. Since you have so many systems, I assume you're already running some kind of monitoring software, so you could have it alert you if the daemon isn't running.
  • Comment on Re: plaintext password in scripts run through cron

Replies are listed 'Best First'.
Re: Re: plaintext password in scripts run through cron
by jasonk (Parson) on Oct 17, 2003 at 13:20 UTC

    Just a tip when storing passwords in a daemon. On most platforms putting it in the environment isn't any safer than putting it in a file on disk (if you are on a linux box, try 'cat /proc/$$/environ').

    We're not surrounded, we're in a target-rich environment!
[reply]
      Well that's unfortunate. I guess you're better off avoiding environment variables for that sort of thing then, although Solaris and Tru64 don't supply that info in /proc. I don't know about other OS's.
[reply]

        Just because they don't provide it in /proc doesn't mean it isn't available. I used linux as an example just because it's available so easily, but the environment is not safe on most platforms, not just linux.

        We're not surrounded, we're in a target-rich environment!
[reply]

In Section Seekers of Perl Wisdom