in reply to Passwords in scripts

Well, if you are going to store a password in a shell script (not a good idea IMHO), then make sure the people that need to use this file only have execute permission (read permission is not necessary).

If possible, please use a hash of the password (crypt at a bare minimum).

As flyingmoose said, Authen::PAM or similar can also be used.

Re: Passwords in scripts
by Abigail-II (Bishop) on Mar 24, 2004 at 10:15 UTC
    if possible, please use a hash of the password (crypt at a bare minimum)
    For what? Considering what one understands to be a 'hash' in this context, this is a one-way function. You can't decrypt it. But even if you can, the program must include instructions on how to decrypt it, including any decryption keys. If you can see the instructions, you might as well store the password in plain text.

    Your suggestion is like locking the door of your house, and then either banging the key with a hammer into a flat piece of metal, or taping the key to the door.

    Abigail

Re: Passwords in scripts
by Abigail-II (Bishop) on Mar 24, 2004 at 10:20 UTC
    Well, if you are going to store a password in a shell script (not a good idea IMHO), then make sure the people that need to use this file only have execute permission (read permission is not necessary).
    Not setting read permission will only work if you are root, or if the shell is setuid root. And that's because a process with root level permissions can read any file, regardless of its permissions. If the shell is denied read access to the file, how on earth is the shell going to know what it should do? It's the same for a Perl program - if perl can't read the file, nothing will happen.

    Abigail

      Hi,

      Yup, you are correct; I was thinking of binaries.
      Sorry about that.
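
Added example (not part of the thread): a shell probe for the point in Abigail-II's second reply that an interpreter must be able to read a script before it can run it. The file name `demo.sh`, the function `probe_mode` and the PASSWORD value are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds a throwaway script and
# reports, for a given mode, whether this process can read it and whether
# it runs. demo.sh and the PASSWORD value are constructed for the demo.

# probe_mode MODE -> prints "read=<yes|no> run=<yes|no>"
probe_mode() {
    dir=$(mktemp -d) || return 2
    script="$dir/demo.sh"
    printf '#!/bin/sh\nPASSWORD=constructed-example\necho ok\n' > "$script"
    chmod "$1" "$script"

    # Can the current user read the file at all?
    if cat "$script" >/dev/null 2>&1; then can_read=yes; else can_read=no; fi

    # Once the kernel accepts a #! script it starts the interpreter with the
    # script path as an argument; the interpreter then has to open and read
    # the file. Calling sh on the path reproduces that step directly.
    if out=$(sh "$script" 2>/dev/null) && [ "$out" = "ok" ]; then
        did_run=yes
    else
        did_run=no
    fi

    rm -rf "$dir"
    echo "read=$can_read run=$did_run"
}

# Execute-only, as suggested in the first post, versus read+execute.
echo "mode 0111: $(probe_mode 0111)"
echo "mode 0555: $(probe_mode 0555)"
```

Run as an ordinary user, the 0111 line reports `read=no run=no`; run as root, where file permission checks are bypassed, both lines report yes, which is the exception the reply describes.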