ftp and user/password

I know the typical way to script automate an ftp session is to pass all of the commands to ftp, with something 'like' the following:
echo USER $user
echo PASS $pass

My question concerns other methods or tricks people have used so that the username and ESPECIALLY the password are not embedded in the script. Some ideas are:
(a) reading the password from a separate file; think $cat...
(b) getting selected data from a file for password; think $cut...

So, what are some other tricks for having a $pass variable I can send for login purposes, but still maintain a greater level of security for the password (than having it embedded in the script)?

Thanks for the ideas. The actual code is not required, more just the methodologies for accomplishing this.

If you're using Windows, you can pick up the username and password from another file using the -s option. I believe this option does not exist in any Unix flavor, in which case you can create a Unix user for ftp-ing the files, and you can set the password as an env variable in the .profile, of course keeping the appropriate access levels on .profile.

If you are using a unix, try .netrc
You specify a hostname and pair it with a username and password. Several implementations of ftp and telnet (including the default ones that come with solaris) understand these files.

And you might want to try switching to sftp if that is available.
With it you can use either userid/passwords, or key files.
Use openssh for the unix end, and winscp for the windows end, both are open source.

One should be careful storing sensitive information in the environment as it's available to anyone via the BSD implementation of ps (the -e flag). A very common mistake, one doozy of a security hole :wink:

What he said. scp / sftp would be way better than ftp if you can do it. Public keys make this sort of thing much easier.

I will think about the suggestions.

It appears the ideas are related to 'when I control ftp'. However, I often need to pick up data from a site I do not control, but am given the username & password to authenticate. Therefore, when automating, the password must come from somewhere to be sent.

I was thinking of:
(a) Creating a script to store usernames & passwords to a 'text' file, but in a jumbled sort of way. For instance, username=joe & password=hi; so since joe is the 10th, 15th and 5th letters of the alphabet, I could add the numbers 10+15+5=30. I would then write my file as
"joekdjfiekcnt9230gh7a6cfbn8snh86i"
start with username "joe", then skip to the 30th position to get the first character of password "h", skip two and read the "i", and be at end of line.
{There are lots of algorithms I could choose.}
(b) Then, my ftp scripts could call the related program to retrieve the info from the stored text file.
(c) Perhaps I could make my 'retrieval password' script protected so that it can only be executed by users, but not able to be read?

I could then logon to someone else's ftp site without embedding the username and password in the ftp script. Further, even if someone stumbled upon or knew of the text username-password file, they wouldn't necessarily know the logic to pull apart the text to learn the valid passwords.

Not perfect, but maybe an approach to reading a separate file for username/password pairs so that they are not embedded in the user scripts. Something a programmer could hack, but the general user, even if he/she printed out the script being run, would not see the username and password for the actions.

So... this is the direction of my thinking and what I am also searching for insight on from others.

Thanks.

.netrc is a client-side thing. You don't need anything special (aside from the ftpd) to be running on the other server.
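
Added example, not part of any post in this thread: a shell sketch of the .netrc approach discussed above, where the credentials live in a separate file and the script refuses to use that file unless only its owner can read it. The function names, host, user and password are constructed for illustration; the one-line "machine ... login ... password ..." layout is the standard .netrc format.

```shell
#!/bin/sh
# Constructed sample values throughout; helper names are hypothetical.

# write_netrc FILE HOST USER PASS: store one entry, owner-only from creation.
write_netrc() {
    (
        umask 077    # new file gets no group/other permission bits
        printf 'machine %s login %s password %s\n' "$2" "$3" "$4" > "$1"
    )
    chmod 600 "$1"   # also tighten a file that already existed
}

# netrc_private FILE: succeed only for a regular file with no group/other
# permission bits (for example mode 600 or 400).
netrc_private() {
    [ -f "$1" ] || return 1
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are group+other.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# netrc_login FILE HOST: print the login stored for HOST.
# Returns 2 if FILE is too permissive, 1 if HOST has no entry.
netrc_login() {
    netrc_private "$1" || {
        echo "refusing $1: accessible by group/other" >&2
        return 2
    }
    awk -v h="$2" '$1 == "machine" && $2 == h {
        for (i = 3; i < NF; i++) if ($i == "login") { print $(i + 1); found = 1 }
    } END { exit !found }' "$1"
}

# Demo on a temporary file.
demo=$(mktemp)
write_netrc "$demo" ftp.example.com joe 'constructed-sample'
netrc_login "$demo" ftp.example.com        # prints: joe
chmod 644 "$demo"                          # simulate a permission mistake
netrc_login "$demo" ftp.example.com || echo "rejected after chmod 644"
rm -f "$demo"
```

The password is written with the shell's printf and never placed in the environment or on another program's command line, so it does not show up in ps output.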