• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Storing passwords in scripts
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Storing passwords in scripts

  • Subject: Storing passwords in scripts
  • From: Jon Pugh <email@hidden>
  • Date: Tue, 21 Jan 2003 21:38:30 -0800
At 1:58 PM -0700 1/20/03, Henrik Boes wrote:
>Of course, as someone else mentioned, there is the security issue of making the admin password plain to see.

So, here's a technique for disguising an embedded password which uses the openssl command's passwd function to encrypt a password. This won't be much use if you are storing a password to pass to other functions, like the admin password but it will work well for passwords which a script might use to prevent them from functioning, and won't be snoopable.

The basic theory is that you encrypt the password you get from the user and store that in a property. Then, when you ask the user for a password, you encrypt that one and compare the encrypted versions. You cannot decrypt these passwords, which is what makes this technique useful.

The salt property is essentially a random seed. Leaving salt blank results in a random encryption, which is difficult to duplicate. You could, theoretically, use a password for your salt, which would allow you to encrypt something else for a specific user.

This requires X, of course. Run it once to set the password, then run it over and over again while entering correct and incorrect passwords. It's not too complicated. ;)

Now I just need to figure a way of managing admin passwords like this.

Jon


property password : ""
property salt : "bitezmoi"

if password = "" then
display dialog "Please set the password:" default answer ""
set password to text returned of the result
set password to do shell script ("openssl passwd -salt " & salt & " " & password)
else
display dialog "Please enter the password:" default answer ""
set pw to text returned of the result
set pw to do shell script ("openssl passwd -salt " & salt & " " & pw)
if pw = password then
display dialog "That was the correct password"
else
display dialog "That was an incorrect password"
end if
end if
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.
  • Follow-Ups:
    • Re: Storing passwords in scripts
      • From: Emmanuel <email@hidden>
    • Re: Storing passwords in scripts
      • From: Paul Berkowitz <email@hidden>
References: 
 >RE: AS to Change Owner of files (From: Henrik Boes <email@hidden>)

  • Prev by Date: Re: Fm Insert movie
  • Next by Date: Re: Storing passwords in scripts
  • Previous by thread: RE: AS to Change Owner of files
  • Next by thread: Re: Storing passwords in scripts
  • Index(es):
    • Date
    • Thread