Re: Reading streams, perl variables when script is running

by kcott (Archbishop)
on Jan 04, 2014 at 11:00 UTC


in reply to Reading streams, perl variables when script is running

G'day xtpu,

Welcome to the monastery.

There are a number of FAQs (in perlfaq8 and perlfaq9) with information about passwords. The most relevant to your question would be "How do I ask the user for a password?"; although, the others may be of interest.

You can put lexical variables in an anonymous scope to make them private. In the following demo script, only the subroutines initialise_password() and retrieve_password() have access to the $password variable: even if you accidentally used $password somewhere else in your code, it would be a completely different variable.

The following code shows the techniques you might use to read the password once at startup, store it in a private variable and retrieve it as many times as you want.

    #!/usr/bin/env perl

    use strict;
    use warnings;

    # Anonymous scope: $password is visible only to the two subs below.
    {
        my $password;

        sub retrieve_password {
            return $password if defined $password;
            die 'Password not defined';
        }

        sub initialise_password {
            return if defined $password;    # prompt only once

            use Term::ReadKey;

            print 'Enter password: ';
            ReadMode('noecho');             # stop the terminal echoing keystrokes
            $password = ReadLine(0);
            print "\n";
            ReadMode('restore');            # put the terminal back as it was

            return;
        }
    }

    start();
    test();

    sub start {
        initialise_password();
    }

    sub test {
        print 'Testing: ', retrieve_password(), "\n";
    }

Sample run:

    Enter password: 
    Testing: some_password

-- Ken

Re^2: Reading streams, perl variables when script is running
by xtpu (Novice) on Jan 05, 2014 at 03:02 UTC

    Thanks for the informative responses, guys. You're the best!

    Would it be a pretty accurate summary to say: keeping the decryption password in memory would work, as long as no one managed to gain root access?

    Small follow-up question: If I wanted to avoid using Term::ReadKey, would the following code work for reading the password? Is Term::ReadKey in any way more secure? (I prefer to avoid installing additional modules where I can for the sake of portability, unless I absolutely need them.)

    print "Password: ";
    system('stty','-echo');
    my $pw=<STDIN>;
    system('stty','echo');
    chomp($pw);
      "Small follow-up question: If I wanted to avoid using Term::ReadKey, would the following code work for reading the password? Is Term::ReadKey in any way more secure? (I prefer to avoid installing additional modules where I can for the sake of portability, unless I absolutely need them.) ... stty code ..."

      This rather indicates that you didn't bother to read the "How do I ask the user for a password?" link which I provided: it discusses both stty and portability issues.

      The security aspect here involves hiding the password being typed from prying eyes. That's an absolute (either it's hidden or visible) — there's no sliding scale of effective camouflaging or obfuscation. Perhaps you had something else in mind with respect to Term::ReadKey's security.

      Many modules are written with the express purpose of improving portability: Term::ReadKey is one of these; File::Spec is another example. You'll also find lots of modules are written to be portable even if that's not their primary function. There may be many reasons why you choose not to install any particular module; however, you should reject the notion of using portability as a reason for not installing modules in general.

      -- Ken

        I did read the link, I promise! But it seems my brain was elsewhere when I did so because on re-reading it, I see that you're right: it answers that question exhaustively. Sorry about that.
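
The stty snippet in the follow-up leaves the terminal with echo switched off if the script is interrupted between the two stty calls, and it assumes STDIN is a terminal. The following is an added example, not code from any poster in this thread: it does the same job with the core POSIX module (no Term::ReadKey, no external stty) and restores the terminal on Ctrl-C. It assumes a Unix-like system, and the sub name read_password is made up for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use POSIX qw(:termios_h);    # core module: ECHO, TCSANOW, POSIX::Termios

# Added example; read_password() is a hypothetical name, not from the thread.
sub read_password {
    my ($prompt) = @_;

    # Not a terminal (pipe, cron): there is no echo to disable, just read a line.
    unless (-t STDIN) {
        my $line = <STDIN>;
        die "No password supplied\n" unless defined $line;
        chomp $line;
        return $line;
    }

    my $fd   = fileno(STDIN);
    my $term = POSIX::Termios->new;
    defined($term->getattr($fd)) or die "tcgetattr failed: $!\n";
    my $saved = $term->getlflag;

    # Put the original local flags back, whichever way we leave this sub.
    my $restore = sub {
        $term->setlflag($saved);
        $term->setattr($fd, TCSANOW);
    };
    local $SIG{INT}  = sub { $restore->(); print STDERR "\n"; exit 130 };
    local $SIG{TERM} = sub { $restore->(); exit 143 };

    # Clear only the ECHO bit; line editing (ICANON) stays enabled.
    $term->setlflag($saved & ~ECHO);
    defined($term->setattr($fd, TCSANOW)) or die "tcsetattr failed: $!\n";

    local $| = 1;            # make sure the prompt appears before we block
    print $prompt;
    my $line = <STDIN>;
    $restore->();
    print "\n";              # the user's Enter was not echoed

    die "No password supplied\n" unless defined $line;    # EOF (Ctrl-D)
    chomp $line;
    return $line;
}

my $pw = read_password('Password: ');
printf "Read %d characters\n", length $pw;    # never print the password itself
```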
