On 12/06/2009 6:08 PM, miller_2555 wrote:> Hi -
>
> I'm creating a package of database tools. A function in the package
> requires the username and password as input to the function in order to
> initially connect to the target database(s). Of course, this poses a
> significant security issue given the possible retention of the function
> statement in cleartext. I did not readily encounter a package meant to mask
> input from the user nor do I know of any method to prevent sensitive
> information from appearing on-screen or from logging in the command history
> of a running R session. While using the --vanilla option when starting R
> helps with permanent logging of sensitive information, it is not always
> preferable to run R with special flags. Is any solution available to
> prevent the logging/ display of user input. Obviously, hard-coding the
> sensitive information is not an option.
>
> Note: I currently use the following (summarized) convention:
>
> myloginfunction <- function(uname = readline("Enter username")
, passwd > readline("Enter password")) { print(c(uname,passwd)); };
>
> However, the readline function prints the response on-screen.
I think you want to use a GUI toolkit for this. For example, with tcltk
(which is available on all platforms):
library(tcltk)
tt<-tktoplevel()
Password <- tclVar("")
entry.Password
<-tkentry(tt,width="20",textvariable=Password,show="*")
tkgrid(tklabel(tt,text="Please enter your password."))
tkgrid(entry.Password)
OnOK <- function()
{
tkdestroy(tt)
Password <<- tclvalue(Password)
cat("The password was ", Password, "\n")
}
OK.but <-tkbutton(tt,text=" OK ",command=OnOK)
tkbind(entry.Password, "<Return>",OnOK)
tkgrid(OK.but)
tkfocus(tt)
(This is modified from an example on James Wettenhall's page
http://bioinf.wehi.edu.au/~wettenhall/RTclTkExamples/).
Duncan Murdoch