How to put password in file safe?

JSB · 05-11-2021, 01:21 AM

Hello i have script and need automatuc password to enter.
script is execute trough user http.
I want to store password safe, not in plain in config file.

How can I do?

TIA

pan64 · 05-11-2021, 02:07 AM

This is unclear (at least for me)

Quote:

Originally Posted by JSB

script is execute trough user http.

Where do you need authentication? To connect to the http server, to execute something somewhere, or what?
Which language is it? What kind of environment is it?

smallpond · 05-11-2021, 08:03 AM

If you must store a password, then just store it in a plain text file with permission 0400 (r for user http, none for anyone else). There is no point in obfuscating the password; if the script can decode it then anyone can. Use expect to read $(cat privatedirectory/passwordfile) and enter the password. Don't use the same password anywhere else or for anything critical, as this is not very safe. Also don't do what sshpass does, which is to put the password in plain text on the command line, where anyone doing ps can see it.

scasey · 05-11-2021, 02:00 PM

apache auth is the recommended method to password pages or sections of a web site.
Access is configured in the config file or a .htaccess file.
https://httpd.apache.org/docs/current/howto/auth.html

The password(s) are stored in a file not in the web root, and are encrypted.