Asp Forum - Re: Hiding a password in code.

Michael Morin

6/30/2008 5:37:00 PM

Dana Merrick wrote:
> Hello!
>
> The other day I wrote a small Ruby app to check my finances on Mint.com.
> My intentions were to have this script run every once and a while and
> display the information on my desktop (via a tool like Conky or GeekTool).
>
> My problem is, how do I handle my password? Here are the two situations
> I've considered:
>
> 1) Use the command line to enter the password.
> 2) Have the password stored in the script via some sort of encryption.
>
> Neither of these seem very secure. In the first option, someone can
> sniff my password via the "ps" utility, and in the second, someone could
> view the source code and figure it out.
>
> Security isn't a HUGE priority, as this account doesn't really have
> access to anything serious. Right now, I have the password in the file,
> encrypted with ROT13 (hah!), just to make it a little harder for someone
> skimming the source to figure it out.
>
> Any ideas on how to handle this situation?
>
> -Dana
>
>

Store your password in an encrypted file. When you start the script up,
enter the encryption password to decrypt the file so your Ruby script
can grab it and keep it in memory. It won't be stored in plaintext in
the file (but will probably end up in swap if you're really paranoid).

This is about as effective as entering the password as the script starts
come to think of it. This has always been a problem. You can't store
the password to be retrieved automatically, the best you can do it
obfuscate it. And you're right, never give passwords on the
command-line. Scripts that need passwords should read them from
keyboard or STDIN. Especially if you're on a shared machine.

--
Michael Morin
Guide to Ruby
http://ruby....
Become an About.com Guide: beaguide.about.com
About.com is part of the New York Times Company

10 Answers

Mitchell Holman

9/30/2007 7:26:00 PM

"Bill Bonde ( 'Hi ho' )" <tributyltinpaint@yahoo.co.uk> wrote in
news:46FFF253.C7450968@yahoo.co.uk:

>
>
> Travis Bickle wrote:
>>
>> "Bill Bonde ( 'Hi ho' )" <tributyltinpaint@yahoo.co.uk> wrote in
>> message news:46FE7FC8.F495E1D4@yahoo.co.uk...
>> >
>> >
>> > Mitchell Holman wrote:
>> >>
>> >> "Bill Bonde ( 'Hi ho' )" <tributyltinpaint@yahoo.co.uk> wrote in
>> >> news:46FDD185.6A9E08C7@yahoo.co.uk:
>> >>
>> >> >
>> >> >
>> >> > Mitchell Holman wrote:
>> >> >>
>> >> >> "Bill Bonde ( 'Hi ho' )" <tributyltinpaint@yahoo.co.uk> wrote in
>> >> >> news:46FD4827.A5C06088@yahoo.co.uk:
>> >> >>
>> >> >> >
>> >> >> >
>> >> >> > reality wrote:
>> >> >> >>
>> >> >> >> On Sep 28, 9:53 am, "Bill Bonde ( 'Hi ho' )"
>> >> >> >> <tributyltinpa...@yahoo.co.uk> wrote:
>> >> >> >> > Mitchell Holman wrote:
>> >> >> >> >
>> >> >> >> > > "Bill Bonde ( 'Hi ho' )" <tributyltinpa...@yahoo.co.uk>
>> >> >> >> > > wrote in
>> >> >> >> > >news:46FC66D9.6AFB53A2@yahoo.co.uk:
>> >> >> >> >
>> >> >> >> > > > reality wrote:
>> >> >> >> >
>> >> >> >> > > >> On Sep 27, 2:53 pm, "Bill Bonde ( 'Hi ho' )"
>> >> >> >> > > >> <tributyltinpa...@yahoo.co.uk> wrote:
>> >> >> >> > > >> > Are you really going to invert all your tripe and
>> >> >> >> > > >> > start spinning praise on the Democrat party economy,
>> >> >> >> > > >> > et al? Or
>> >> will
>> >> >> >> > > >> > it be "Bush economy still dooming Democrat efforts to
>> >> >> >> > > >> > breath
>> >> >> >> > > >> > life into it"?
>> >> >> >> >
>> >> >> >> > > >> Sounds exactly like you're describing the flat headed,
>> >> >> >> > > >> flat Earth repugs that went around blaming Clinton for
>> >> >> >> > > >> Dumbya's recessions and stupid economic policies.
>> >> >> >> >
>> >> >> >> > > > The only recession that has occurred during Bush's terms
>> >> started
>> >> >> >> > > > when Clinton was president.
>> >> >> >> >
>> >> >> >> > > If it goes wrong on Clinton's watch it is Clinton's fault.
>> >> >> >> > > If it goes wrong on Bush's watch it is STILL Clinton's
>> >> >> >> > > fault.
>> >> >> >> >
>> >> >> >> > > In all things, Blame Clinton First.
>> >> >> >> >
>> >> >> >> > Why do you keep making this claim?
>> >> >> >>
>> >> >> >> Because it's true.
>> >> >> >>
>> >> >> > That it's all Clinton's fault?
>> >> >> >
>> >> >> >
>> >> >> >> > It's not not what Conservatives are
>> >> >> >> > saying or have said. I think you just don't want to admit
>> >> >> >> > what is Clinton's fault.
>> >> >> >>
>> >> >> >> One thing that's clearly not Clinton's fault is a trillion
>> >> >> >> dollar
>> >> fake
>> >> >> >> oil war based on bald faced lies.
>> >> >> >>
>> >> >> > The effort in Iraq isn't about oil, it's about trying to deal
>> >> >> > with the
>> >> >> > hopelessness of the region that brought us the events of
>> >> >> > September 11.
>> >> >>
>> >> >> What did Iraq have to do with 9/11, again?
>> >> >>
>> >> > I've explained this to you a hundred times.
>> >>
>> >> Oh, yes. Iraq was in the Middle East, the hijackers
>> >> came from the Middle East, therefore Iraq attacked America.
>> >>
>> >> Does that about cover it?
>> >>
>> > No, and you know it.
>> >
>> >
>> No WMDs, hijackers all from Saudi Arabia or Egypt, Saddam's fearsome
>> army defeated in a few weeks...Say, WTF ARE we doing in Eyerack,
>> Blondie?
>>
> If you'll recall, it was your crowd that claimed that Saddam's army was
> war-hardened and capable.

Just the opposite. The left was saying that Saddam's
army was a pitiful shell of it's former self, thus a
threat to no one and thus no need to invade. Even Saddams
hated enemies Iran and Turkey said Saddam was impotent
and easily contained. Something even Colin Polin agreed with.

"Saddam Hussein has not developed any significant
capability with respect to weapons of mass destruction.
He is unable to project conventional power against his
neighbours."
- Colin Powell February 24 2001

> They lost in a few weeks. Now you want to once
> again ask why the US is fighting in Iraq. The answer, as I keep
> explaining over and over again, is to try to deal with the hopelessness
> of the Middle East region, which is what gives bin Laden his warm bodies
> willing to blow themselves and innocent others to bloody bits.

There WAS NO bin Laden in Iraq until Bush invaded, remember?

Mitchell Holman

"Saddam was contained with the no-fly, no-drive
zones and by the embargoes; he was under control
and was not a threat to anyone."
General Zinni, former Commander of Central Command
of U.S. Military, and Special Envoy to the Middle
East in the Bush Administration, May 24, 2004

Mitchell Holman

9/30/2007 7:30:00 PM

"Bill Bonde ( 'Hi ho' )" <tributyltinpaint@yahoo.co.uk> wrote in
news:46FFF1EE.3246D4B@yahoo.co.uk:

>
>
> Mitchell Holman wrote:
>>
>> "Travis Bickle" <youtalkin@tome.com> wrote in news:xeBLi.1938$P21.1171
>> @newssvr19.news.prodigy.net:
>>
>> >
>> > "Bill Bonde ( 'Hi ho' )" <tributyltinpaint@yahoo.co.uk> wrote in
>> > message news:46FE7FC8.F495E1D4@yahoo.co.uk...
>> >>
>> >>
>> >> Mitchell Holman wrote:
>> >>>
>> >>> "Bill Bonde ( 'Hi ho' )" <tributyltinpaint@yahoo.co.uk> wrote in
>> >>> news:46FDD185.6A9E08C7@yahoo.co.uk:
>> >>>
>> >>> >
>> >>> >
>> >>> > Mitchell Holman wrote:
>> >>> >>
>> >>> >> "Bill Bonde ( 'Hi ho' )" <tributyltinpaint@yahoo.co.uk> wrote in
>> >>> >> news:46FD4827.A5C06088@yahoo.co.uk:
>> >>> >>
>> >>> >> >
>> >>> >> >
>> >>> >> > reality wrote:
>> >>> >> >>
>> >>> >> >> On Sep 28, 9:53 am, "Bill Bonde ( 'Hi ho' )"
>> >>> >> >> <tributyltinpa...@yahoo.co.uk> wrote:
>> >>> >> >> > Mitchell Holman wrote:
>> >>> >> >> >
>> >>> >> >> > > "Bill Bonde ( 'Hi ho' )" <tributyltinpa...@yahoo.co.uk>
>> >>> >> >> > > wrote in
>> >>> >> >> > >news:46FC66D9.6AFB53A2@yahoo.co.uk:
>> >>> >> >> >
>> >>> >> >> > > > reality wrote:
>> >>> >> >> >
>> >>> >> >> > > >> On Sep 27, 2:53 pm, "Bill Bonde ( 'Hi ho' )"
>> >>> >> >> > > >> <tributyltinpa...@yahoo.co.uk> wrote:
>> >>> >> >> > > >> > Are you really going to invert all your tripe and
>> >>> >> >> > > >> > start spinning praise on the Democrat party economy,
>> >>> >> >> > > >> > et al? Or
>> >>> will
>> >>> >> >> > > >> > it be "Bush economy still dooming Democrat efforts
>> >>> >> >> > > >> > to breath
>> >>> >> >> > > >> > life into it"?
>> >>> >> >> >
>> >>> >> >> > > >> Sounds exactly like you're describing the flat headed,
>> flat
>> >>> >> >> > > >> Earth repugs that went around blaming Clinton for
>> >>> >> >> > > >> Dumbya's recessions and stupid economic policies.
>> >>> >> >> >
>> >>> >> >> > > > The only recession that has occurred during Bush's
>> >>> >> >> > > > terms
>> >>> started
>> >>> >> >> > > > when Clinton was president.
>> >>> >> >> >
>> >>> >> >> > > If it goes wrong on Clinton's watch it is Clinton's
>> >>> >> >> > > fault. If it goes wrong on Bush's watch it is STILL
>> >>> >> >> > > Clinton's fault.
>> >>> >> >> >
>> >>> >> >> > > In all things, Blame Clinton First.
>> >>> >> >> >
>> >>> >> >> > Why do you keep making this claim?
>> >>> >> >>
>> >>> >> >> Because it's true.
>> >>> >> >>
>> >>> >> > That it's all Clinton's fault?
>> >>> >> >
>> >>> >> >
>> >>> >> >> > It's not not what Conservatives are
>> >>> >> >> > saying or have said. I think you just don't want to admit
>> >>> >> >> > what
>> is
>> >>> >> >> > Clinton's fault.
>> >>> >> >>
>> >>> >> >> One thing that's clearly not Clinton's fault is a trillion
>> >>> >> >> dollar
>> >>> fake
>> >>> >> >> oil war based on bald faced lies.
>> >>> >> >>
>> >>> >> > The effort in Iraq isn't about oil, it's about trying to deal
>> >>> >> > with the
>> >>> >> > hopelessness of the region that brought us the events of
>> >>> >> > September 11.
>> >>> >>
>> >>> >> What did Iraq have to do with 9/11, again?
>> >>> >>
>> >>> > I've explained this to you a hundred times.
>> >>>
>> >>> Oh, yes. Iraq was in the Middle East, the hijackers
>> >>> came from the Middle East, therefore Iraq attacked America.
>> >>>
>> >>> Does that about cover it?
>> >>>
>> >> No, and you know it.
>> >>
>> >>
>> > No WMDs, hijackers all from Saudi Arabia or Egypt, Saddam's fearsome
>> > army defeated in a few weeks...Say, WTF ARE we doing in Eyerack,
>> > Blondie?
>> >
>> >
>>
>> First we had stay until the WMDs could be found
>> Then we had to stay until an interim government was in place
>> Then we had to stay until Saddam was captured
>> Then we had to stay until a government could be elected
>> Then we had to stay until a constitution could be voted on
>> Then we had to stay until parlimentary elections could be held
>> Then we had to stay until Iraqi units would "stand up"
>> Then we had to stay to give Iraqs government "breathing room"
>> And now we are staying until.......?
>>
> The US didn't say that it would leave when any of those things happened.

Nope - those are just the shifting excuses Bush
has used to justify keep US troop bogged down in a
war that everyone knows is a mistake.

Bush has already said he will never withdraw
troops from Iraq, remember?

Mitchell Holman

"Let's put it this way - money trumps peace"
George Bush, Feb 14, 2007

Bill Bonde { ''Well, boys, I reckon this is it, nuclear combat toe to toe with the Roosskies'')

9/30/2007 8:23:00 PM

Mitchell Holman wrote:
>
> "Bill Bonde ( 'Hi ho' )" <tributyltinpaint@yahoo.co.uk> wrote in
> news:46FFF1EE.3246D4B@yahoo.co.uk:
>
> >
> >
> > Mitchell Holman wrote:
> >>
> >> "Travis Bickle" <youtalkin@tome.com> wrote in news:xeBLi.1938$P21.1171
> >> @newssvr19.news.prodigy.net:
> >>
> >> >
> >> > "Bill Bonde ( 'Hi ho' )" <tributyltinpaint@yahoo.co.uk> wrote in
> >> > message news:46FE7FC8.F495E1D4@yahoo.co.uk...
> >> >>
> >> >>
> >> >> Mitchell Holman wrote:
> >> >>>
> >> >>> "Bill Bonde ( 'Hi ho' )" <tributyltinpaint@yahoo.co.uk> wrote in
> >> >>> news:46FDD185.6A9E08C7@yahoo.co.uk:
> >> >>>
> >> >>> >
> >> >>> >
> >> >>> > Mitchell Holman wrote:
> >> >>> >>
> >> >>> >> "Bill Bonde ( 'Hi ho' )" <tributyltinpaint@yahoo.co.uk> wrote in
> >> >>> >> news:46FD4827.A5C06088@yahoo.co.uk:
> >> >>> >>
> >> >>> >> >
> >> >>> >> >
> >> >>> >> > reality wrote:
> >> >>> >> >>
> >> >>> >> >> On Sep 28, 9:53 am, "Bill Bonde ( 'Hi ho' )"
> >> >>> >> >> <tributyltinpa...@yahoo.co.uk> wrote:
> >> >>> >> >> > Mitchell Holman wrote:
> >> >>> >> >> >
> >> >>> >> >> > > "Bill Bonde ( 'Hi ho' )" <tributyltinpa...@yahoo.co.uk>
> >> >>> >> >> > > wrote in
> >> >>> >> >> > >news:46FC66D9.6AFB53A2@yahoo.co.uk:
> >> >>> >> >> >
> >> >>> >> >> > > > reality wrote:
> >> >>> >> >> >
> >> >>> >> >> > > >> On Sep 27, 2:53 pm, "Bill Bonde ( 'Hi ho' )"
> >> >>> >> >> > > >> <tributyltinpa...@yahoo.co.uk> wrote:
> >> >>> >> >> > > >> > Are you really going to invert all your tripe and
> >> >>> >> >> > > >> > start spinning praise on the Democrat party economy,
> >> >>> >> >> > > >> > et al? Or
> >> >>> will
> >> >>> >> >> > > >> > it be "Bush economy still dooming Democrat efforts
> >> >>> >> >> > > >> > to breath
> >> >>> >> >> > > >> > life into it"?
> >> >>> >> >> >
> >> >>> >> >> > > >> Sounds exactly like you're describing the flat headed,
> >> flat
> >> >>> >> >> > > >> Earth repugs that went around blaming Clinton for
> >> >>> >> >> > > >> Dumbya's recessions and stupid economic policies.
> >> >>> >> >> >
> >> >>> >> >> > > > The only recession that has occurred during Bush's
> >> >>> >> >> > > > terms
> >> >>> started
> >> >>> >> >> > > > when Clinton was president.
> >> >>> >> >> >
> >> >>> >> >> > > If it goes wrong on Clinton's watch it is Clinton's
> >> >>> >> >> > > fault. If it goes wrong on Bush's watch it is STILL
> >> >>> >> >> > > Clinton's fault.
> >> >>> >> >> >
> >> >>> >> >> > > In all things, Blame Clinton First.
> >> >>> >> >> >
> >> >>> >> >> > Why do you keep making this claim?
> >> >>> >> >>
> >> >>> >> >> Because it's true.
> >> >>> >> >>
> >> >>> >> > That it's all Clinton's fault?
> >> >>> >> >
> >> >>> >> >
> >> >>> >> >> > It's not not what Conservatives are
> >> >>> >> >> > saying or have said. I think you just don't want to admit
> >> >>> >> >> > what
> >> is
> >> >>> >> >> > Clinton's fault.
> >> >>> >> >>
> >> >>> >> >> One thing that's clearly not Clinton's fault is a trillion
> >> >>> >> >> dollar
> >> >>> fake
> >> >>> >> >> oil war based on bald faced lies.
> >> >>> >> >>
> >> >>> >> > The effort in Iraq isn't about oil, it's about trying to deal
> >> >>> >> > with the
> >> >>> >> > hopelessness of the region that brought us the events of
> >> >>> >> > September 11.
> >> >>> >>
> >> >>> >> What did Iraq have to do with 9/11, again?
> >> >>> >>
> >> >>> > I've explained this to you a hundred times.
> >> >>>
> >> >>> Oh, yes. Iraq was in the Middle East, the hijackers
> >> >>> came from the Middle East, therefore Iraq attacked America.
> >> >>>
> >> >>> Does that about cover it?
> >> >>>
> >> >> No, and you know it.
> >> >>
> >> >>
> >> > No WMDs, hijackers all from Saudi Arabia or Egypt, Saddam's fearsome
> >> > army defeated in a few weeks...Say, WTF ARE we doing in Eyerack,
> >> > Blondie?
> >> >
> >> >
> >>
> >> First we had stay until the WMDs could be found
> >> Then we had to stay until an interim government was in place
> >> Then we had to stay until Saddam was captured
> >> Then we had to stay until a government could be elected
> >> Then we had to stay until a constitution could be voted on
> >> Then we had to stay until parlimentary elections could be held
> >> Then we had to stay until Iraqi units would "stand up"
> >> Then we had to stay to give Iraqs government "breathing room"
> >> And now we are staying until.......?
> >>
> > The US didn't say that it would leave when any of those things happened.
>
> Nope - those are just the shifting excuses Bush
> has used to justify keep US troop bogged down in a
> war that everyone knows is a mistake.
>
Those aren't shifting and they aren't excuses. As the effort develops,
the specific actions will change. The fact that you've been told what is
going on is testament that things are on the up and up.

> Bush has already said he will never withdraw
> troops from Iraq, remember?
>
He won't be president past 2009. A future president might bring them out
of Iraq, which is fine if the situation left behind is stable and
democratic.

--
"Throw me that lipstick, darling, I wanna redo my stigmata."

+-Jennifer Saunders, "Absolutely Fabulous"

Bill Bonde { ''Well, boys, I reckon this is it, nuclear combat toe to toe with the Roosskies'')

9/30/2007 8:29:00 PM

David Johnston wrote:
>
> On Sun, 30 Sep 2007 12:00:35 -0700, "Bill Bonde ( 'Hi ho' )"
> <tributyltinpaint@yahoo.co.uk> wrote:
>
> >> No WMDs, hijackers all from Saudi Arabia or Egypt, Saddam's fearsome army
> >> defeated in a few weeks...Say, WTF ARE we doing in Eyerack, Blondie?
> >>
> >If you'll recall, it was your crowd that claimed that Saddam's army was
> >war-hardened and capable.
>
> You know, I really don't recall that.
>
You don't recall your crowd?

> They lost in a few weeks. Now you want to once
> >again ask why the US is fighting in Iraq. The answer, as I keep
> >explaining over and over again, is to try to deal with the hopelessness
> >of the Middle East region, which is what gives bin Laden his warm bodies
> >willing to blow themselves and innocent others to bloody bits.
>
> And is fighting a lengthy guerilla war in Iraq for the next few
> decades going to be an effective way to alleviate hopelessness?
>
The process of mitigating hopelessness is going to take time and will
require looking beyond current events. For example, a functioning
democracy in Iraq could be a light to other nearby nations how to modify
their political systems in order to give people more of a say in their
daily lives and the direction of their respective countries.

When people feel involved in things, they are less hopeless because they
can act and their actions potentially can have positive benefit. If they
feel that they can't act, some are susceptible to extremist notions,
especially troublesome are notions based on actions in this life to get
rewards in the next when those notions are implanted by evildoers such
as bin Laden. People can usually resist such thing when they can see the
potential of building a future for themselves and especially for their
families. This community effort replaces striking out like a wild cat in
a corner.

--
"Throw me that lipstick, darling, I wanna redo my stigmata."

+-Jennifer Saunders, "Absolutely Fabulous"

Bill Bonde { ''Well, boys, I reckon this is it, nuclear combat toe to toe with the Roosskies'')

9/30/2007 8:32:00 PM

Mitchell Holman wrote:
>
> "Bill Bonde ( 'Hi ho' )" <tributyltinpaint@yahoo.co.uk> wrote in
> news:46FFF253.C7450968@yahoo.co.uk:
>
> >
> >
> > Travis Bickle wrote:
> >>
> >> "Bill Bonde ( 'Hi ho' )" <tributyltinpaint@yahoo.co.uk> wrote in
> >> message news:46FE7FC8.F495E1D4@yahoo.co.uk...
> >> >
> >> >
> >> > Mitchell Holman wrote:
> >> >>
> >> >> "Bill Bonde ( 'Hi ho' )" <tributyltinpaint@yahoo.co.uk> wrote in
> >> >> news:46FDD185.6A9E08C7@yahoo.co.uk:
> >> >>
> >> >> >
> >> >> >
> >> >> > Mitchell Holman wrote:
> >> >> >>
> >> >> >> "Bill Bonde ( 'Hi ho' )" <tributyltinpaint@yahoo.co.uk> wrote in
> >> >> >> news:46FD4827.A5C06088@yahoo.co.uk:
> >> >> >>
> >> >> >> >
> >> >> >> >
> >> >> >> > reality wrote:
> >> >> >> >>
> >> >> >> >> On Sep 28, 9:53 am, "Bill Bonde ( 'Hi ho' )"
> >> >> >> >> <tributyltinpa...@yahoo.co.uk> wrote:
> >> >> >> >> > Mitchell Holman wrote:
> >> >> >> >> >
> >> >> >> >> > > "Bill Bonde ( 'Hi ho' )" <tributyltinpa...@yahoo.co.uk>
> >> >> >> >> > > wrote in
> >> >> >> >> > >news:46FC66D9.6AFB53A2@yahoo.co.uk:
> >> >> >> >> >
> >> >> >> >> > > > reality wrote:
> >> >> >> >> >
> >> >> >> >> > > >> On Sep 27, 2:53 pm, "Bill Bonde ( 'Hi ho' )"
> >> >> >> >> > > >> <tributyltinpa...@yahoo.co.uk> wrote:
> >> >> >> >> > > >> > Are you really going to invert all your tripe and
> >> >> >> >> > > >> > start spinning praise on the Democrat party economy,
> >> >> >> >> > > >> > et al? Or
> >> >> will
> >> >> >> >> > > >> > it be "Bush economy still dooming Democrat efforts to
> >> >> >> >> > > >> > breath
> >> >> >> >> > > >> > life into it"?
> >> >> >> >> >
> >> >> >> >> > > >> Sounds exactly like you're describing the flat headed,
> >> >> >> >> > > >> flat Earth repugs that went around blaming Clinton for
> >> >> >> >> > > >> Dumbya's recessions and stupid economic policies.
> >> >> >> >> >
> >> >> >> >> > > > The only recession that has occurred during Bush's terms
> >> >> started
> >> >> >> >> > > > when Clinton was president.
> >> >> >> >> >
> >> >> >> >> > > If it goes wrong on Clinton's watch it is Clinton's fault.
> >> >> >> >> > > If it goes wrong on Bush's watch it is STILL Clinton's
> >> >> >> >> > > fault.
> >> >> >> >> >
> >> >> >> >> > > In all things, Blame Clinton First.
> >> >> >> >> >
> >> >> >> >> > Why do you keep making this claim?
> >> >> >> >>
> >> >> >> >> Because it's true.
> >> >> >> >>
> >> >> >> > That it's all Clinton's fault?
> >> >> >> >
> >> >> >> >
> >> >> >> >> > It's not not what Conservatives are
> >> >> >> >> > saying or have said. I think you just don't want to admit
> >> >> >> >> > what is Clinton's fault.
> >> >> >> >>
> >> >> >> >> One thing that's clearly not Clinton's fault is a trillion
> >> >> >> >> dollar
> >> >> fake
> >> >> >> >> oil war based on bald faced lies.
> >> >> >> >>
> >> >> >> > The effort in Iraq isn't about oil, it's about trying to deal
> >> >> >> > with the
> >> >> >> > hopelessness of the region that brought us the events of
> >> >> >> > September 11.
> >> >> >>
> >> >> >> What did Iraq have to do with 9/11, again?
> >> >> >>
> >> >> > I've explained this to you a hundred times.
> >> >>
> >> >> Oh, yes. Iraq was in the Middle East, the hijackers
> >> >> came from the Middle East, therefore Iraq attacked America.
> >> >>
> >> >> Does that about cover it?
> >> >>
> >> > No, and you know it.
> >> >
> >> >
> >> No WMDs, hijackers all from Saudi Arabia or Egypt, Saddam's fearsome
> >> army defeated in a few weeks...Say, WTF ARE we doing in Eyerack,
> >> Blondie?
> >>
> > If you'll recall, it was your crowd that claimed that Saddam's army was
> > war-hardened and capable.
>
> Just the opposite. The left was saying that Saddam's
> army was a pitiful shell of it's former self, thus a
> threat to no one and thus no need to invade.
>
In between saying that America would be bleached by the war-hardened
Iraqi veterans. Consistency in viewpoint isn't a leftwing thing.

> Even Saddams
> hated enemies Iran and Turkey said Saddam was impotent
> and easily contained. Something even Colin Polin agreed with.
>
The threat from Saddam in 2003 wasn't that he was going to invade next
week. He wasn't massing on Kuwait.

>
> There WAS NO bin Laden in Iraq until Bush invaded, remember?
>
Bin Laden isn't in Iraq now. He's in Afghanistan and Pakistan. The
threat from bin Laden isn't from where he's personally located.

--
"Throw me that lipstick, darling, I wanna redo my stigmata."

+-Jennifer Saunders, "Absolutely Fabulous"

Leslie Viljoen

6/30/2008 7:13:00 PM

On 6/30/08, Dana Merrick <dmerrick@ics.com> wrote:
> Michael Morin wrote:
>
> > Store your password in an encrypted file. When you start the script up,
> enter the encryption password to decrypt the file so your Ruby script can
> grab it and keep it in memory. It won't be stored in plaintext in the file
> (but will probably end up in swap if you're really paranoid).
> >
> > This is about as effective as entering the password as the script starts
> come to think of it. This has always been a problem. You can't store the
> password to be retrieved automatically, the best you can do it obfuscate it.
> And you're right, never give passwords on the command-line. Scripts that
> need passwords should read them from keyboard or STDIN. Especially if
> you're on a shared machine.
> >
>
> These are excellent points. The reason I haven't done this is that I'd like
> to have my script be able to run without action from me, in the background.
>
> I suppose I just need to accept the fact that I'm asking to do something
> inherently insecure in an interpreted language. I'm pleased enough with this
> solution:
>
> form['password'] = @options[:pass] ||
> "AvprGel".tr("A-Za-z","N-ZA-Mn-za-m")

"Interpreted language" is pretty much irrelevant though. The hackers
that be can pull hardcoded passwords out of compiled code very quickly
and easily.

Gnome solves this situation by using the Gnome login to open an
encrypted keyring which stores passwords to things like Wireless
networks. There should be a way for a Ruby program to leverage this
functionality.

Les

Leslie Viljoen

6/30/2008 7:56:00 PM

On 6/30/08, Leslie Viljoen <leslieviljoen@gmail.com> wrote:
> On 6/30/08, Dana Merrick <dmerrick@ics.com> wrote:
>
> > Michael Morin wrote:
> >
> > > Store your password in an encrypted file. When you start the script up,
> > enter the encryption password to decrypt the file so your Ruby script can
> > grab it and keep it in memory. It won't be stored in plaintext in the file
> > (but will probably end up in swap if you're really paranoid).
> > >
> > > This is about as effective as entering the password as the script starts
> > come to think of it. This has always been a problem. You can't store the
> > password to be retrieved automatically, the best you can do it obfuscate it.
> > And you're right, never give passwords on the command-line. Scripts that
> > need passwords should read them from keyboard or STDIN. Especially if
> > you're on a shared machine.
> > >
> >
> > These are excellent points. The reason I haven't done this is that I'd like
> > to have my script be able to run without action from me, in the background.
> >
> > I suppose I just need to accept the fact that I'm asking to do something
> > inherently insecure in an interpreted language. I'm pleased enough with this
> > solution:
> >
> > form['password'] = @options[:pass] ||
> > "AvprGel".tr("A-Za-z","N-ZA-Mn-za-m")
>
>
> "Interpreted language" is pretty much irrelevant though. The hackers
> that be can pull hardcoded passwords out of compiled code very quickly
> and easily.
>
> Gnome solves this situation by using the Gnome login to open an
> encrypted keyring which stores passwords to things like Wireless
> networks. There should be a way for a Ruby program to leverage this
> functionality.

Have a look at:
http://library.gnome.org/devel/gnome-keyring/stable...
http://www.rittau.org/blog/2...

It seems Gnome-keyring can be accessed from Python, so this may help
you get a Ruby solution going. Assuming you use Gnome of course!

Les

Michael Morin

6/30/2008 9:13:00 PM

Leslie Viljoen wrote:
> On 6/30/08, Dana Merrick <dmerrick@ics.com> wrote:
>> Michael Morin wrote:
>>
>>> Store your password in an encrypted file. When you start the script up,
>> enter the encryption password to decrypt the file so your Ruby script can
>> grab it and keep it in memory. It won't be stored in plaintext in the file
>> (but will probably end up in swap if you're really paranoid).
>>> This is about as effective as entering the password as the script starts
>> come to think of it. This has always been a problem. You can't store the
>> password to be retrieved automatically, the best you can do it obfuscate it.
>> And you're right, never give passwords on the command-line. Scripts that
>> need passwords should read them from keyboard or STDIN. Especially if
>> you're on a shared machine.
>> These are excellent points. The reason I haven't done this is that I'd like
>> to have my script be able to run without action from me, in the background.
>>
>> I suppose I just need to accept the fact that I'm asking to do something
>> inherently insecure in an interpreted language. I'm pleased enough with this
>> solution:
>>
>> form['password'] = @options[:pass] ||
>> "AvprGel".tr("A-Za-z","N-ZA-Mn-za-m")
>
> "Interpreted language" is pretty much irrelevant though. The hackers
> that be can pull hardcoded passwords out of compiled code very quickly
> and easily.
>
> Gnome solves this situation by using the Gnome login to open an
> encrypted keyring which stores passwords to things like Wireless
> networks. There should be a way for a Ruby program to leverage this
> functionality.
>
> Les
>

Come to think of it, I used to use KDE's KWallet via dcop to store
passwords. It of course has all the same weaknesses, but you only need
to decrypt your passwords once when you boot up. Be aware that any
program can now read your passwords. Specifically with KWallet, it had
no way of authenticating which program was requesting the passwords.
You could easily write a Ruby script that pretends to be Kopete or
Konqueror and read any password.

Using something to display a dialog box to enter your password when the
script starts would be the best solution. It's not very inconvenient to
enter your password once when it starts up, and the password doesn't
have to be stored anywhere.

--
Michael Morin
Guide to Ruby
http://ruby....
Become an About.com Guide: beaguide.about.com
About.com is part of the New York Times Company

Jeremy Hinegardner

6/30/2008 9:43:00 PM

On Tue, Jul 01, 2008 at 05:04:12AM +0900, Dana Merrick wrote:
> Leslie Viljoen wrote:
>> Gnome solves this situation by using the Gnome login to open an
>> encrypted keyring which stores passwords to things like Wireless
>> networks. There should be a way for a Ruby program to leverage this
>> functionality.
>
> While this would be cool, I don't use Gnome so unfortunately it would be
> useless to me. I could, however, look into a Ruby API that works with OS
> X's Keychain. That's a good idea and I'll look into it.

I wrote keybox which is only requires ruby and ruby's openssl extension.
It was initially for just storing my own passwords and making them avaialble
from a console, but the Keybox::Storage::Container has a pretty simple API
that could be utilized for this type of usage.

You could use the command line to build the encrypted file and then
in your code to something like:

# app start
# prompt for keybox password
container = Keybox::Storage::Container.new( passphrase, "/path/to/keybox/file")

# do long running stuff

When the application needs the password it can do:

record = container.find("record-key").first
# do somethig with record.username and record.password

Feel free to check it out and see if it would work for your situation.

http://keybox.ruby...
http://keybox.ruby...rdoc/index.html

enjoy,

-jeremy

--
========================================================================
Jeremy Hinegardner jeremy@hinegardner.org

Robert Klemme

7/1/2008 11:48:00 AM

2008/6/30 Michael Morin <uzimonkey@gmail.com>:
> Store your password in an encrypted file. When you start the script up,
> enter the encryption password to decrypt the file so your Ruby script can
> grab it and keep it in memory. It won't be stored in plaintext in the file
> (but will probably end up in swap if you're really paranoid).

Frankly, I'd rather let the user enter the password. The security is
the same, usage convenience is as bad as in your suggestion but
implementation becomes much easier.

> This is about as effective as entering the password as the script starts
> come to think of it. This has always been a problem. You can't store the
> password to be retrieved automatically, the best you can do it obfuscate it.
> And you're right, never give passwords on the command-line. Scripts that
> need passwords should read them from keyboard or STDIN. Especially if
> you're on a shared machine.

Alternatively, *if* you trust file system permissions or have
automatic file system level encryption you can store it in plaintext.
:-)

Kind regards

robert

--
use.inject do |as, often| as.you_can - without end

comp.lang.ruby

Re: Hiding a password in code.

Michael Morin

Mitchell Holman

Mitchell Holman

Bill Bonde { ''Well, boys, I reckon this is it, nuclear combat toe to toe with the Roosskies'')

Bill Bonde { ''Well, boys, I reckon this is it, nuclear combat toe to toe with the Roosskies'')

Bill Bonde { ''Well, boys, I reckon this is it, nuclear combat toe to toe with the Roosskies'')

Leslie Viljoen

Leslie Viljoen

Michael Morin

Jeremy Hinegardner

Robert Klemme

x Login to ForumsZone