• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Hiding user/password credentials in a script
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hiding user/password credentials in a script


  • Subject: Re: Hiding user/password credentials in a script
  • From: Barry Wainwright <email@hidden>
  • Date: Sun, 14 Sep 2008 23:21:06 +0100


On 14 Sep 2008, at 17:38, Axel Luttgens wrote:

Le 14 sept. 08 à 18:18, Jim Skibbie a écrit :

I have a script that acts as a library that houses some credentials that allow the scripts to mount certain volumes in our network and do other things that require credentials. The other scripts load this script and then reference properties from it.

[...]

This all works great and it allows me to have one place where the user and password are stored so whenever the password changes, I change it in one place in the library.scpt and all the other scripts keep functioning.

The problem is that the library.scpt can be snooped to get the password. Even if I make the file “library.scpt” run-only, if you open it up in a text editor, you can see the copy “testuser” and “testpassword” among the gibberish. Not sure if the screen grab will make it through the mailing list.


<image.png>

Is there a good method for doing something like this where the user credentials are not visible/snoop-able?

Hello Jim,

There's no easy solution once one needs to securely store a password.

Either one tries to obfuscate the cleartext password by using some more or less clever algorithm; but the algorithm itself should be safely stored/encrypted, and AppleScript compiled scripts may anyway be decompiled...
Or one encrypts the password with the help of some key (i.e. another password), but then that key can't be stored in the script, unless one wants to enter an endless story.


That's were keychains may prove of some help; they allow to securely store passwords/secrets by making use of the user's session password.
Perhaps could you have a look at the Keychain Scripting addition?
Moreover, depending on the needs, perhaps just creating once the required keychains with the help of Keychain Access.app (in the / Application/Utilities folder) might be sufficient.


HTH,
Axel

Use the hash routines built into OS X - then, compare the hash of an entered password to the stored hash:


property goodHash : "xyrOerNabg/c."
set thePassword to text returned of (display dialog "input a password:" default answer "type password here")
set passHash to do shell script "openssl passwd -salt xyz " & quoted form of thePassword
if passHash = goodHash then
-- do good stuff here
else
display dialog "Password Incorrect!"
return
end if



The match will only work if you enter "this is a password" as the password.




_______________________________________________
Do not post admin requests to the list. They will be ignored.
AppleScript-Users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
Archives: http://lists.apple.com/archives/applescript-users

This email sent to email@hidden
  • Follow-Ups:
    • Re: Hiding user/password credentials in a script
      • From: Michelle Steiner <email@hidden>
References: 
 >Hiding user/password credentials in a script (From: Jim Skibbie <email@hidden>)
 >Re: Hiding user/password credentials in a script (From: Axel Luttgens <email@hidden>)

  • Prev by Date: Re: Illustrator position of selection
  • Next by Date: Re: Hiding user/password credentials in a script
  • Previous by thread: Re: Hiding user/password credentials in a script
  • Next by thread: Re: Hiding user/password credentials in a script
  • Index(es):
    • Date
    • Thread