Passwords in cron scripts
Mark Carter
external resources (like a newsserver) - for which passwords are
required. I currently have them stored in the scripts themselves (ouch!)
- and was wondering if there was a more secure solution.
Peter Hansen
Secure from whom? It's likely they are already being sent in clear text
when they are transmitted to the server, so at the very least they are
visible to anyone on that machine or on any other machine on your
network who can run something like tcpdump, and to anyone with access to
any of the machines on any of the other networks which carry traffic
between yours and the ultimate network where the server lives.
That's a lot of people already, without even looking at people with
login access to the machine in question.
-Peter
David Wahler
Any form of authentication requires some kind of secret data that
uniquely identifies the party in question -- in this case, the password
identifies your script. To run on behalf of you, the Python interpreter
must be able to have that password. Short of a full-blown Trusted
Computing system, it's impossible for that data to be stored in a form
which Python can use but nobody else can. I'm afraid you just have to
rely on the security of your operating system.
-- David