sending password to command line tools
i'm writing a python application that uses a command line utility (propietary so it can't be modified) to do part of its work. The problem is that I have to pass the password as a command line argument to the tool which would easily be seen开发者_如何学C by any user doing 'ps ax'. How can I send the password to the command line tool safely from within python (or a shell script)?
If the application has some interactive mode, you can use something like pyexpect.
If it only accepts passwords on command line the application was DESIGNED to be vulnerable to 'ps ax', how are you expected to overcome original bad design? It is propietary, complaints should go to the guilty^H^H^H^H^H^Hauthor.
If the password is only accepted on the command line, you're pretty much out of luck. Are you absolutely sure there's no option to send the password in another way? If you can send it over the process's stdin
, you can talk to it via a pipe, and send the password securely in that way.
You may be able to gain more security by having an encrypted password argument and passing an encrypted password, and the program can de-crypt it. At least there would be no plain-text password floating around. I used this method when launching a process via another process and passing it arguments. It may not be feasible in your case though.
Write another python script that will accept password from command prompt using getpass.getpass()
and store it in a variable. Then call the command from the script with that variable having password as parameter.
You can force an inline shell wrapper like follows
somecommand --password=$(echo "Enter Password: " >&2;read -s PASSWORD;echo $PASSWORD)
The password entry will populate the command before executing it
The password will NOT appear in your shell history
But it WILL appear in your 'ps' output
What about this in bash:
command_asking_for_password < <(command_that_prints_a_password; printf "\r")
精彩评论