Hi
I have to take some password from user in a Ruby Program. I want
that when he type password an echo character like * prints on screen
and the program gets the password as string. I am using Ruby function
"gets" to get password. I don't want password to be seen by others.
Suggest me some way.
Thanks
sujeet
The HighLine library (http://highline.rubyforge.org/\) on RubyForge makes this (and more) trivial. Here's an example using that library:
#!/usr/local/bin/ruby -w
require "rubygems"
require "highline/import"
pass = ask("Enter your password: ") { |q| q.echo = false } # or q.echo = "*"
puts "Your password is #{pass}!"
__END__
Hope that helps.
James Edward Gray II
···
On Jun 9, 2005, at 11:19 AM, sujeet kumar wrote:
Hi
I have to take some password from user in a Ruby Program. I want
that when he type password an echo character like * prints on screen
and the program gets the password as string. I am using Ruby function
"gets" to get password. I don't want password to be seen by others.
Suggest me some way.
Aside from the Highline approach already mentioned there is a password
library in Ruby:
http://www.caliban.org/ruby/ruby-password.shtml
marcel
···
On Fri, Jun 10, 2005 at 01:19:45AM +0900, sujeet kumar wrote:
I have to take some password from user in a Ruby Program. I want
that when he type password an echo character like * prints on screen
and the program gets the password as string. I am using Ruby function
"gets" to get password. I don't want password to be seen by others.
Suggest me some way.
--
Marcel Molina Jr. <marcel@vernix.org>
does this clear out the password buffer in memory?
-a
···
On Fri, 10 Jun 2005, James Edward Gray II wrote:
On Jun 9, 2005, at 11:19 AM, sujeet kumar wrote:
Hi
I have to take some password from user in a Ruby Program. I want
that when he type password an echo character like * prints on screen
and the program gets the password as string. I am using Ruby function
"gets" to get password. I don't want password to be seen by others.
Suggest me some way.The HighLine library (http://highline.rubyforge.org/\) on RubyForge makes this (and more) trivial. Here's an example using that library:
#!/usr/local/bin/ruby -w
require "rubygems"
require "highline/import"pass = ask("Enter your password: ") { |q| q.echo = false } # or q.echo = "*"
puts "Your password is #{pass}!"__END__
Hope that helps.
James Edward Gray II
--
email :: ara [dot] t [dot] howard [at] noaa [dot] gov
phone :: 303.497.6469
My religion is very simple. My religion is kindness.
--Tenzin Gyatso
===============================================================================
Forgive me if I didn't understand your question completely, but I believe the answer is basically yes.
Behind the scenes, HighLine is using a cross platform character reader and just accumulating the results in a local variable. It returns the contents of that variable to you and then the scope is lost.
I hope that's what you meant, but feel free to correct me if I just didn't get the question.
James Edward Gray II
···
On Jun 9, 2005, at 1:08 PM, Ara.T.Howard wrote:
On Fri, 10 Jun 2005, James Edward Gray II wrote:
#!/usr/local/bin/ruby -w
require "rubygems"
require "highline/import"pass = ask("Enter your password: ") { |q| q.echo = false } # or q.echo = "*"
puts "Your password is #{pass}!"__END__
does this clear out the password buffer in memory?
hmmm... it's probably still in memory for a while unless there is an explicit
method to clear it. some password libs have this feature.
thanks.
-a
···
On Fri, 10 Jun 2005, James Edward Gray II wrote:
On Jun 9, 2005, at 1:08 PM, Ara.T.Howard wrote:
On Fri, 10 Jun 2005, James Edward Gray II wrote:
#!/usr/local/bin/ruby -w
require "rubygems"
require "highline/import"pass = ask("Enter your password: ") { |q| q.echo = false } # or q.echo = "*"
puts "Your password is #{pass}!"__END__
does this clear out the password buffer in memory?
Forgive me if I didn't understand your question completely, but I believe the answer is basically yes.
Behind the scenes, HighLine is using a cross platform character reader and just accumulating the results in a local variable. It returns the contents of that variable to you and then the scope is lost.
I hope that's what you meant, but feel free to correct me if I just didn't get the question.
--
email :: ara [dot] t [dot] howard [at] noaa [dot] gov
phone :: 303.497.6469
My religion is very simple. My religion is kindness.
--Tenzin Gyatso
===============================================================================
I'm trying to envision how I could improve this... If you can give me any suggestions, I'll be happy to consider them for a future release.
To be clear though, I'm in no away claiming that HighLine offers ironclad security. It seemed to me that the original question was how to hide a password from casual onlookers and HighLine does make that trivial, I think.
James Edward Gray II
···
On Jun 9, 2005, at 1:55 PM, Ara.T.Howard wrote:
hmmm... it's probably still in memory for a while unless there is an explicit
method to clear it. some password libs have this feature.
Would something like the following be an improvement, do you think?
#!/usr/local/bin/ruby -w
def fetch_password
pass = ""
pass << "password"
pass
ensure
pass = nil
end
p fetch_password # => "password"
__END__
James Edward Gray II
···
On Jun 9, 2005, at 1:55 PM, Ara.T.Howard wrote:
hmmm... it's probably still in memory for a while unless there is an explicit
method to clear it. some password libs have this feature.
Or something like (untested):
def fetch_password
pass = ""
pass << "password"
yield pass
ensure
pass[0..-1] = "\0" * pass.size
pass = nil
end
fetch_password do |pass|
# check validity but do not copy/link pass anywhere
end
Guillaume.
···
On Fri, 2005-06-10 at 23:07 +0900, James Edward Gray II wrote:
On Jun 9, 2005, at 1:55 PM, Ara.T.Howard wrote:
> hmmm... it's probably still in memory for a while unless there is
> an explicit
> method to clear it. some password libs have this feature.Would something like the following be an improvement, do you think?
#!/usr/local/bin/ruby -w
def fetch_password
pass = ""
pass << "password"
pass
ensure
pass = nil
endp fetch_password # => "password"
__END__