• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Hiding user/password credentials in a script
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hiding user/password credentials in a script


  • Subject: Re: Hiding user/password credentials in a script
  • From: Axel Luttgens <email@hidden>
  • Date: Sun, 14 Sep 2008 18:38:37 +0200

Le 14 sept. 08 à 18:18, Jim Skibbie a écrit :

I have a script that acts as a library that houses some credentials that allow the scripts to mount certain volumes in our network and do other things that require credentials. The other scripts load this script and then reference properties from it.

[...]

This all works great and it allows me to have one place where the user and password are stored so whenever the password changes, I change it in one place in the library.scpt and all the other scripts keep functioning.

The problem is that the library.scpt can be snooped to get the password. Even if I make the file “library.scpt” run-only, if you open it up in a text editor, you can see the copy “testuser” and “testpassword” among the gibberish. Not sure if the screen grab will make it through the mailing list.


<image.png>

Is there a good method for doing something like this where the user credentials are not visible/snoop-able?

Hello Jim,

There's no easy solution once one needs to securely store a password.

Either one tries to obfuscate the cleartext password by using some more or less clever algorithm; but the algorithm itself should be safely stored/encrypted, and AppleScript compiled scripts may anyway be decompiled...
Or one encrypts the password with the help of some key (i.e. another password), but then that key can't be stored in the script, unless one wants to enter an endless story.


That's were keychains may prove of some help; they allow to securely store passwords/secrets by making use of the user's session password.
Perhaps could you have a look at the Keychain Scripting addition?
Moreover, depending on the needs, perhaps just creating once the required keychains with the help of Keychain Access.app (in the / Application/Utilities folder) might be sufficient.


HTH,
Axel

_______________________________________________
Do not post admin requests to the list. They will be ignored.
AppleScript-Users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
Archives: http://lists.apple.com/archives/applescript-users

This email sent to email@hidden
  • Follow-Ups:
    • Re: Hiding user/password credentials in a script
      • From: Barry Wainwright <email@hidden>
References: 
 >Hiding user/password credentials in a script (From: Jim Skibbie <email@hidden>)

  • Prev by Date: Re: Hiding user/password credentials in a script
  • Next by Date: Re: make new folder behavior
  • Previous by thread: Re: Hiding user/password credentials in a script
  • Next by thread: Re: Hiding user/password credentials in a script
  • Index(es):
    • Date
    • Thread