Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to store the passwords securely and use in scripts?
Top Forums Shell Programming and Scripting How to store the passwords securely and use in scripts? Post 303034029 by RavinderSingh13 on Tuesday 16th of April 2019 11:40:50 PM
Old 04-17-2019
Quote:
Originally Posted by Neo
Ravinder,

Many systems on the network require passwords to be stored in a flat file.

It's not always avoidable, so you can't say "NEVER NEVER DO THIS"... spoken much like someone who has not built a production application which uses clear text passwords.

Theory is not always the same in practice.
Normally, these kind of DB passwords are stored in plaintext in files which are hidden from users, so we must look at who has access to the system, the risk, the criticality of the application and other risk management factors.
This is correct. Many CMS programs like WordPress store the DB passwords in clear text in a flat configuration file.
Thank you Neo for correcting me, I have deleted my answer now, considering it was not adding any value add to post.

Thanks,
R. Singh
 

8 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

How to pass passwords to bash scripts?

I'm finding the following command very tedious to type in all the time, so I created a one line bash script called mount.bash with the following contents: mount -t cifs //mark/C\$ -o unc=//mark\\C$,ip=10.1.1.33,user=Administrator,password=$1 /mnt/mark I don't like the fact that I have to put... (5 Replies)
Discussion started by: siegfried
5 Replies

2. Shell Programming and Scripting

Checking passwords - scripts

Hi Unix experts.... I am in the process checking user and root password of more than 1000 servers manulay. I am very pissed of checking these many servers manualy. Could some one of you help me how can i check the passwords just by runing some scripts..! Need Help Guys..! :confused: (5 Replies)
Discussion started by: bullz26
5 Replies

3. Solaris

installing solaris securely

Ok, I am trying to install solaris, but I would like as a lean installation as possible (while still having a shread of functionality). If I chose the minimal install I have little if no utilities to do work on the box. My question is what installation method do most admins take? ... (7 Replies)
Discussion started by: liven
7 Replies

4. Shell Programming and Scripting

Oracle Passwords in Unix scripts

Hi Most of the shell scripts I am dealing with have to connect to oracle database . The username password is stored in a environment file which sets the variables for username and password . Set user id do not work on AIX so users who will execute these scripts need to have read or execute... (5 Replies)
Discussion started by: clifford
5 Replies

5. Shell Programming and Scripting

SSH - Passing Unix login passwords through shell scripts

Hi All , I need to call a script runscript_B.sh on server A, the runscript_B.sh script locating in server B. The runscript_B.sh in calls another script runscript_A on server A itself. it seend, i need to be connect from Server A to Server B using ssh. I have tryed like this in... (3 Replies)
Discussion started by: koti_rama
3 Replies

6. UNIX for Advanced & Expert Users

When did UNIX start using encrypted passwords, and not displaying passwords when you type them in?

I've been using various versions of UNIX and Linux since 1993, and I've never run across one that showed your password as you type it in when you log in, or one that stored passwords in plain text rather than encrypted. I'm writing a script for work for a security audit, and two of the... (5 Replies)
Discussion started by: Anne Neville
5 Replies

7. AIX

When did AIX start using /etc/security/passwd instead of /etc/passwd to store encrypted passwords?

Does anyone know when AIX started using /etc/security/passwd instead of /etc/passwd to store encrypted passwords? (1 Reply)
Discussion started by: Anne Neville
1 Replies

8. UNIX for Advanced & Expert Users

Store passwords , accounts, IPs, hostnames

Hi, this question is not specially unix related, but I expect advanced and expert unix users to have a solution for this, and I've found no other subforum that fits ;) what do you use to store accounts, customer ids, ip addresses, users and specially passwords, to access them from... (6 Replies)
Discussion started by: funksen
6 Replies

LEARN ABOUT DEBIAN

pam_otpw

PAMOTPW(8)						      System Manager's Manual							PAMOTPW(8)

NAME

       pam_otpw - verify one-time passwords

SYNOPSIS

       pam_otpw [ arguments ]

DESCRIPTION

       OTPW  is  a  one-time password authentication system. It compares entered passwords with hash values stored in the user's home directory in
       the file ~/.otpw.  Once a password was entered correctly, its hash value in ~/.otpw will be overwritten with hyphens,  which  disables  its
       use  in future authentication. A lock file ~/.otpw.lock prevents that the same password challenge is issued on several concurrent authenti-
       cation sessions. This helps to prevent an eavesdropper from copying a one-time password as it is entered instantly into a  second  session,
       in the hope to get access by sending the final newline character faster than the user could.

       Both  an  authentication  management and a session management function are offered by this module. The authentication function asks for and
       verifies one-time passwords. The session function prints a message after login that reminds the user of the remaining  number  of  one-time
       passwords.

ARGUMENTS

       debug  Turn on debugging via syslog(3).

       nolock Disable  locking. This option tells the authentication function of pam_otpw.so to ignore any existing ~/.otpw.lock lock file and not
	      to generate any. With this option, pam_otpw.so will never ask for several passwords simultaneously.

AUTHOR

       The OTPW package, which includes the otpw-gen progam, has been developed by  Markus  Kuhn.  The	most  recent  version  is  available  from
       <http://www.cl.cam.ac.uk/~mgk25/otpw.html>.

SEE ALSO

       otpw-gen(1), pam(8)

								    2003-09-30								PAMOTPW(8)
All times are GMT -4. The time now is 10:18 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy