hi, r developers, I am now working on a R function/package to handling online request with username and token/password. For security reasons, it's not so safe to store the username & token in persistent variables, since they'll be saved to disk when users save their workspace. Is there a secure way in R to handle the online password management? I have searched it online but didn't find any good suggestions. So I am trying my luck on this mail list. Regards Ni [[alternative HTML version deleted]]
On Wed, Dec 14, 2011 at 9:54 PM, Ni Wang <niwang at gmail.com> wrote:> hi, r developers, I am now working on a R function/package to handling > online request with username and token/password. > > For security reasons, it's not so safe to store the username & token in > persistent variables, since they'll be saved to disk when > users save their workspace. Is there a secure way in R to handle the online > password management? I have searched it online > but didn't find any good suggestions. So I am trying my luck on this mail > list.If you save something to an environment that isnt the Global Environment then R won't save it when you quit and save. Suggest you save credentials in a list. Maybe something like this: attach(list(username="mrbluesky",password="s3cr3t"),name="credentials") then you just get user and password from the environment when needed: get("username",envir=as.environment(credentials)) get("password",envir=as.environment(credentials)) saving the R workspace in the usual way (answering 'y' to Save Workspace Image) won't save this data. I have a vague memory of Splus possibly having a temporary environment which would do what you want, but that doesn't seem to be present in R... Barry
One way this is often done is to have this information in a file that only the owner can read. For example, mysql uses a file .my.cnf (in Windows it may have a different name). The code then just reads the information from the file. To guard against user carelessness, I think mysql will not use it if anyone other than the user has read permission on the file. Of the various options for passing user/password information, I think this is general considered one of the better ways. Paul On 11-12-14 04:54 PM, Ni Wang wrote:> hi, r developers, I am now working on a R function/package to handling > online request with username and token/password. > > For security reasons, it's not so safe to store the username& token in > persistent variables, since they'll be saved to disk when > users save their workspace. Is there a secure way in R to handle the online > password management? I have searched it online > but didn't find any good suggestions. So I am trying my luck on this mail > list. > > Regards > > Ni > > [[alternative HTML version deleted]] > > ______________________________________________ > R-devel at r-project.org mailing list > https://stat.ethz.ch/mailman/listinfo/r-devel
On Sun, Dec 18, 2011 at 1:28 AM, Paul Gilbert <pgilbert902 at gmail.com> wrote:> One way this is often done is to have this information in a file that only > the owner can read. For example, mysql uses a file .my.cnf (in Windows it > may have a different name). The code then just reads the information from > the file. To guard against user carelessness, I think mysql will not use it > if anyone other than the user has read permission on the file. Of the > various options for passing user/password information, I think this is > general considered one of the better ways.If anyone has a large chunk of spare time on their hands they could implement an R interface to the Gnome Keyring and store credentials in there. I think under the hood it uses dbus so first implement dbus in R. Or just call some code with system()... gnome keyring API: http://live.gnome.org/GnomeKeyring/StoringPasswords command line interface: https://launchpad.net/gkeyring Probably getting a bit over the top now. Barry