Even if you encrypted the password in your script or in a file that your script reads the script still has to be able to get the plain text from the encrypted version. (Because it has to send the plain text across the wire.) Now of course to decrypt you need the key (or pass-phrase, etc). Next we note that if the script can read the key to the encrypted text then you may as well have left the plain text password out where you left the key. It's not a fun problem.

Apache used to (probably still does) support SSL keys that were encrypted. The catch was you needed to be at a keyboard to type in the password to decrypt the keys before apache would start and run sites with those keys. Now of course you don't want to do that. (Neither did I so all my keys have no password on them. I don't worry because only "root" can read them and if someone has root on one of those servers I have bigger issues.) Since you did call the program a daemon you could do it this way and your password / key never get's stored on the disk. (Unless the RAM that holds the password get's swapped out to disk.) Now if you are looking at a "cron" job then this won't work.

skx got it right on in 396238 by saying you have to put the password in a file that no one else on the system should be able to read. Unless you have "root" and no one else has that sort of access on the machine then you've got quite a challenge ahead.

Also backups of you home directory will have the password in them too so hope you're admin keeps those safe. (I have mentioned this before and would like to say it sounds paranoid but it happens that backups are not protected sometimes. "Here's the backup disk. Just copy your files off it and bring it back to me.")

Oh and since we are talking about passwords on the system. If your command line for a cron job has a password and the job generates any output (including a system error) the whole command line get's emailed to you in plain text.

PS: This was all assuming a *NIX background. I can't comment on anything else with any authority.

In reply to Re: Sending encrypted passwords via Telnet by superfrink
in thread Sending encrypted passwords via Telnet by theroninwins

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.