All,

I want to encrypt a database system administration password into a file or environment variable. Then, I want to decrypt the password from the file or environment variable so nobody sees the clear text password.

For example, I have the database password of developement.
I need to execute the following line to access the database:

isql -Usysadmin -Pdevelopment

I want users not to see the development password in clear text.

Thanks!

One way encryption is fairly straight forward with Unix, and can be achieved using the "crypt" command (if available) or system call, or using the crypt() function in Perl, PHP and others. The problem with this is exactly that - it's one way. You can't decrypt a "crypt"ed password (otherwise /etc/{passwd,shadow} would be useless as authentication mechanisms).

The problem is that the -P option to isql expects the "true" password, not an encrypted variant. It may or may not be visible in ps output listings.

Some related threads that might assist you can be found here:
Hiding password from ps
Hiding login/password in process!

I do a lot of PHP/PostgreSQL web programming, and I request the plain text login over https, then the "login" PHP script encrypts the password and checks it against the encrypted password stored within the "user" table (or whatever it may be called). Not too sure if you could create some kind of web enabled front end for Informix - we use curses for our Informix frontend at work.

Hope something there was of use!

Cheers
ZB