I use STTY command to make the password invisible.
Now I need to write the password into another file pwd.txt, but in an invisible manner, something like ******. Another thing is to when I echo the content of pwd.txt I get the password I actually typed.
Thanks guys. Help me out.
Last edited by Scott; 08-07-2013 at 10:30 AM..
Reason: ssty -> STTY; other spelling, grammar errors
May be I'm wrong; your requirement looks ambiguous to me. If you want to write the password to a file in an "invisible manner something like ******", then how good (or secure) is it, if you are able to echo the content of pwd.txt and you get the password that you actually typed?
If you need to write the password to a file as "*****" just write a literal "*****" to the file. So long as you know there's no way to read it back as the entered password!
Here's something to display "*" as you type a password:
Are you wanting to somehow encrypt the password and store it in a file? If so, you need to think of how you are going to mix it up and how you are going to reverse it. Maybe we can help with that, but you jhave to consider how you make the method secure. If someone can read the file and gets the string Krfmase7fjh!kwern and can read you code on how to reverse it, then the can manually follow the process. Even if you convert it to unprintable characters, then they could still use od to get the character codes and work from there.
If your decrypting script does something like this:-
Read access encrypted password from file
Decrypt value and feed to another command in plain text
..... then the above is a problem. If your logic follows more that:-
You store the encrypted password
Another process has to check the user password by encrypting and matching the stored value
... then this may be better, however if you code continues by doing something obvious because the password check is confirmed, then if they can read your code, they can just do the same but exclude the password checking. Consider:-
Code:
read passwd?"What is the password? "
check_password $passwd
if [ $? = 0 ] # True returned from check_password function for accepted password
then
vi /data_dir/payroll_file
else
echo "You are not authorised!"
fi
There is nothing to stop a user reading this and just running vi /data_dir/payroll_file
1. If you are a root and you trying to hide the password from other users, give 400 permission to that flat file.
2. If you have a DB available, create a table and store the password into it rather having that in a flat file.
3. Try your own encoding algorithm something like this. convert your passwd into some code, store it and decode with your logic again.
Not sure on the description, but here is a quick rundown.
I have 2 servers, we'll call them
serverA
serverB
On serverB, I am calling a script that inside it has the following:
ssh srvdsadm@serverB sudo -u dsadm /opt/apps/DataStage/scripts/autoDeploy.sh ${projName} ${subProjVar}... (1 Reply)
Hi,
I currently have a UNIX script with a function that uses a username and password to connect to the database, retrieve some information and then exit.
At the moment, am getting the username and password from a hidden plain text file and permission set to -r--------, i.e. read only to who... (1 Reply)
class B
{
public:
void fns(void){//base def;}
};
class D:public B
{
public:
void fns(void) {//new def;}
};
I was thinking the above is overriding but somewhere else i found the above is just hiding.Only virtual functions can be considered as overriding?
This is the exact statement ... (1 Reply)
Hello all ,
I looked up this site for solutions to hide login info from ps -ef | grep like using a seperate file and store the password in that especially for oracle sqlplus scripts.
I just got this thought , But dont know how to implement this in UNIX.
Is there a way to revoke access from... (17 Replies)
Hello. A bit of a puzzle here:
I have a 3rd party executable, which requires the following parameters:
parm1 = program_name, parm2=userid/password, parm3=additional flags.
We tried passing password as a variable, but you can do grep, and see what the password actually is
I found a bit... (2 Replies)
Hi,
I have a simple script to ftp from unix to a mainframe to get and put files. Currently I have the password setup in a VARS file and dereference the var in my script. Doing it this way allws me to change the password in only one place but it is still viewable for many people. Is there any... (6 Replies)
Can Anybody please help me with the command in Unix/Linux which can help me hide the files which is equal to ATTRIB in DOS
Not using . , but any commands in unix which will do this
if you any script which will do this ,it will be very helpful
Its very URGENT
Regards
Victor (9 Replies)
Hello,
I am trying to figure out away to hide a command from users when performing a ps check. I have a ksh that purges a table in a database. If I perform a >ps -eaf |grep ksh, I get the login id and password. I do not want other users seeing this. Is there a way to hide this. The login... (5 Replies)
Is there anyone who knows how to hide an IP from being logged by the site you are visiting. I know of some paid companies but I am looking for a different solution. Is there some way in UNIX to mask the ip.
Help this is urgent.
Datopdog (1 Reply)
I'm calling a program with a command line arguement containing a password. while the process is running anyone on the system can ps -ef and see the password. Is there a way to prevent this from happening.
example
PROGRAM USERNAME/PASSWD
I've also tried
PROGRAM `cat passfile`
... (7 Replies)
08-07-2013
