Re: [dev] FTP script: how to store password?

From: Andrew Hills <ahills_AT_ednos.net>
Date: Sat, 9 Feb 2013 19:40:31 -0500

On Sat, Feb 09, 2013 at 12:20:58PM +0100, Hugues Moretto-Viry wrote:
> Anyway, I need to store my passwords so I chose SQlite, because I don't
> want to put them in a regular file or in the script.
> Unfortunately, I think this is not really perfect.
>
> Do you know how to store my passwords outside the script (maybe hashed), in
> the suckless way?

If you need to store your passwords and you trust that setting the files to
readonly on your system will protect them sufficiently, then store them in text
files as has been suggested. Obfuscating your passwords will work great until
someone is interested in finding them, in which case the interested parties will
just open your script and find how they are stored and obtain them in the same
manner as the script does. If your sysadmin cannot be trusted, you must encrypt
your passwords in such a way that entering a password is required to retrieve
them each time; try "man 1 openssl" on most Linux systems.

-AH
Received on Sun Feb 10 2013 - 01:40:31 CET

This archive was generated by hypermail 2.3.0 : Thu Feb 21 2013 - 19:17:43 CET