Encrypt the password ,decrypt it,source it in an expect script...!!
Hello folks
I have a conf file ,say 'pass.conf' ,which is storing ascii password : PASS1111.
I need to encrypt this password once and store it in a file.
I ,then need to write a script which would read this encrypted password and decrypts it.The o/p o this script shud be this decrypted password ,which i would get it set in an expect script.
I need some guidance on it as i am not exactly clear how to do it.
I know how to set password in expect script using 'exec'.
A password that's encrypted in a recoverable way, and decrypted right in the program there, is not much better than a plaintext password anyway. Try sudo instead of passwords, so you don't need to build gaping security holes into your software.
You are right in general but here i have a simple design.Encrypted password stored in a file,decrypted by my script and directly passed to expect script.Its not a robust design but satisfies what i must do now.
@sysgate
Link helps me understand the concept but does not help my situation.I wish to write a simple-to-moderate (complex) script to decrypt the encrypted password.
Requesting everyone to advise on how can this be done.
You are right in general but here i have a simple design.Encrypted password stored in a file,decrypted by my script and directly passed to expect script.Its not a robust design but satisfies what i must do now.
It's not that it's simple -- it's just wrong and can't be fixed by making it more complicated. No matter how many layers of encryption you paste on, anyone who sees your program can get the password at will. Just 'chmod -r' would be a lot more secure than this rube goldberg machine.
If you just want to hide the password from grepping, you could put it through base64...
openssl has lots of ciphers, so I could make this more complicated, but the problem remains: anyone who views the file is handed the code to crack your password library on a silver platter. This scheme is not and cannot be secure. If I knew your actual goal in this, I could help you find ways with security beyond the illusory...
I was going to suggest that second approach, as Corona688 stated - better avoid encrypt/decrypt process, but rather cut down the rights on that machine, in terms of root access, make the file exclusively locked, and keep the password in plain text. Then, whenever a password has to be read by the expect script, chmod the file, temporarily, the script will parse the password, and then lock the file again. Unfortunately, expect/TCL doesn't bring much into security, its first purpose was to be convenient for automation, both local and remote, thus avoiding user interactions. I have a few very handy expect scripts available, but only on test machines with limited access - both virtual and physical.
Hello,
I have the following UNIX shell script which connects to the teradata database and executes the SQL Queries. For this, I am passing database name, username and password. I don't want to reveal my password to anyone. So, is there any way that I can encrypt my password and read the... (2 Replies)
Dear All,
I have a requirement where I have to SFTP or SCP a file in a batch script. Unfortunately, the destination server setup is such that it doesn't allow for shell command line login. So, I am not able to set up SSH keys. My source server is having issues with Expect. So, unable to use... (5 Replies)
Hi All,
very good morning all.
I am trying to connect to informatica repository by using shell script.
I have written pmrep connect command in the script file. But i need to provide repository, domain ,username and password to connect. Username and password are hard coded in the script... (8 Replies)
Hi All,
I have stored Oracle database passwords in a hidden file - .pass_file.
My shell script reads the hidden file, gets the password and then logs in to the Oracle database and runs some SQL script.
My requirement is:
I need to provide the shell script to be executed by someone else. So,... (1 Reply)
Hi,
I have a SQL which i want to run through a shell script.
query_result=`/home/oracle/product/11.2.0/bin/sqlplus -S uname/pwd@DBNAME <<!
set heading off feedback off trimspool on
set pagesize 0
set linesize 9999
spool $PARAM_PATH/param_name.txt;
Select sysdate from dual;
spool off;... (6 Replies)
Hi,
I have run the below script which is connected to db2 v9.5. There is no issue. The only problem is how to encrypt the dbpwd?
#!/bin/ksh
#---- Set Environment
dbalias="dev1db"
dbuser="user1"
dbpwd="password"
#---- Connect to the Database
cd /opt/ibm/db2/V9.5/bin
db2 "connect to... (1 Reply)
Hi
I have following problem Im writing a script (in bash ) , where need to be written login & passwd for databas client .
Its need to in following form login passwd@dbhostname .
The problem is so anybody can read it so the passwd & login are visible and thats not very safety .
Can... (8 Replies)
Hi,
I have written a shell script in unix for my customer. Now I want to make it only execute and not to read/write. Can anybody help me how to set password protect/encript my script.
Thanks
Suresh (3 Replies)
To perform a black box testing and get users' feedback, we are planning to deploy a script in a common location and ask users to execute the script. However we do not want them to have a look at the script until the testing is done. I know this is against the open source concept, but it will be for... (7 Replies)
Could someone please help me...I have an expect script. There's a need for a log in during the script and a password is required...right now the password is just a variable in the expect script...what would be the best way to put that in an encrypted flat file and have the expect script pull the... (2 Replies)