[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.ruby

How to take password from user

sujeet kumar

6/9/2005 4:20:00 PM

Hi
I have to take some password from user in a Ruby Program. I want
that when he type password an echo character like * prints on screen
and the program gets the password as string. I am using Ruby function
"gets" to get password. I don't want password to be seen by others.
Suggest me some way.
Thanks
sujeet
8 Answers

James Gray

6/9/2005 4:59:00 PM

0

On Jun 9, 2005, at 11:19 AM, sujeet kumar wrote:

> Hi
> I have to take some password from user in a Ruby Program. I want
> that when he type password an echo character like * prints on screen
> and the program gets the password as string. I am using Ruby function
> "gets" to get password. I don't want password to be seen by others.
> Suggest me some way.

The HighLine library (http://highline.ruby...) on RubyForge
makes this (and more) trivial. Here's an example using that library:

#!/usr/local/bin/ruby -w

require "rubygems"
require "highline/import"

pass = ask("Enter your password: ") { |q| q.echo = false } # or
q.echo = "*"
puts "Your password is #{pass}!"

__END__

Hope that helps.

James Edward Gray II

Ara.T.Howard

6/9/2005 6:09:00 PM

0

James Gray

6/9/2005 6:28:00 PM

0

On Jun 9, 2005, at 1:08 PM, Ara.T.Howard wrote:

> On Fri, 10 Jun 2005, James Edward Gray II wrote:
>
>
>> #!/usr/local/bin/ruby -w
>>
>> require "rubygems"
>> require "highline/import"
>>
>> pass = ask("Enter your password: ") { |q| q.echo = false } # or
>> q.echo = "*"
>> puts "Your password is #{pass}!"
>>
>> __END__
>
> does this clear out the password buffer in memory?

Forgive me if I didn't understand your question completely, but I
believe the answer is basically yes.

Behind the scenes, HighLine is using a cross platform character
reader and just accumulating the results in a local variable. It
returns the contents of that variable to you and then the scope is lost.

I hope that's what you meant, but feel free to correct me if I just
didn't get the question.

James Edward Gray II

Ara.T.Howard

6/9/2005 6:55:00 PM

0

James Gray

6/9/2005 7:08:00 PM

0

On Jun 9, 2005, at 1:55 PM, Ara.T.Howard wrote:

> hmmm... it's probably still in memory for a while unless there is
> an explicit
> method to clear it. some password libs have this feature.

I'm trying to envision how I could improve this... If you can give
me any suggestions, I'll be happy to consider them for a future release.

To be clear though, I'm in no away claiming that HighLine offers
ironclad security. It seemed to me that the original question was
how to hide a password from casual onlookers and HighLine does make
that trivial, I think.

James Edward Gray II

Marcel Molina Jr.

6/9/2005 7:16:00 PM

0

On Fri, Jun 10, 2005 at 01:19:45AM +0900, sujeet kumar wrote:
> I have to take some password from user in a Ruby Program. I want
> that when he type password an echo character like * prints on screen
> and the program gets the password as string. I am using Ruby function
> "gets" to get password. I don't want password to be seen by others.
> Suggest me some way.

Aside from the Highline approach already mentioned there is a password
library in Ruby:

http://www.caliban.org/ruby/ruby-pass...

marcel
--
Marcel Molina Jr. <marcel@vernix.org>

James Gray

6/10/2005 2:07:00 PM

0

On Jun 9, 2005, at 1:55 PM, Ara.T.Howard wrote:

> hmmm... it's probably still in memory for a while unless there is
> an explicit
> method to clear it. some password libs have this feature.

Would something like the following be an improvement, do you think?

#!/usr/local/bin/ruby -w

def fetch_password
pass = ""
pass << "password"
pass
ensure
pass = nil
end

p fetch_password # => "password"

__END__

James Edward Gray II

Guillaume Marcais

6/10/2005 4:18:00 PM

0

On Fri, 2005-06-10 at 23:07 +0900, James Edward Gray II wrote:
> On Jun 9, 2005, at 1:55 PM, Ara.T.Howard wrote:
>
> > hmmm... it's probably still in memory for a while unless there is
> > an explicit
> > method to clear it. some password libs have this feature.
>
> Would something like the following be an improvement, do you think?
>
> #!/usr/local/bin/ruby -w
>
> def fetch_password
> pass = ""
> pass << "password"
> pass
> ensure
> pass = nil
> end
>
> p fetch_password # => "password"
>
> __END__

Or something like (untested):

def fetch_password
pass = ""
pass << "password"
yield pass
ensure
pass[0..-1] = "\0" * pass.size
pass = nil
end

fetch_password do |pass|
# check validity but do not copy/link pass anywhere
end


Guillaume.