how to encrypt password stored in ftp script

W

Woland99

Howdy - I want my script to make connection to FTP server and get some
files. I need that script to run everyday automatically on machine
that many people
have access to - but I do not want them to know the username or
password for that
FTP server. Is there a way to save encrypted password with the script
but prevent
people form modifying script to access the FTP server for different
purposes?

JT
 
D

Dave Weaver

Howdy - I want my script to make connection to FTP server and get some
files. I need that script to run everyday automatically on machine
that many people
have access to - but I do not want them to know the username or
password for that
FTP server. Is there a way to save encrypted password with the script
but prevent
people form modifying script to access the FTP server for different
purposes?

The FTP protocol uses a plaintext password, so if you encrypt it and
store it somewhere, you still need the decryption code in the script
so that you can use it. And if people can read the script they can
read (and copy) the decryption code (and thus get at the password
anyway), so it gains you nothing.

You don't say what operating system this is running on, but assuming
some sort of *nix system, you can put the password in the script, but
set file permissions to ensure the script is readable only by the user
that runs it, not anyone else.
 
W

Woland99

The FTP protocol uses a plaintext password, so if you encrypt it and
store it somewhere, you still need the decryption code in the script
so that you can use it.  And if people can read the script they can
read (and copy) the decryption code (and thus get at the password
anyway), so it gains you nothing.

You don't say what operating system this is running on, but assuming
some sort of *nix system, you can put the password in the script, but
set file permissions to ensure the script is readable only by the user
that runs it, not anyone else.

Thanks - I just read about Net::Netrc but that is not really a
solution since it is Windows environment. Is there a way to encrypt
the entire script?
 
J

Josef Moellers

Woland99 said:
Howdy - I want my script to make connection to FTP server and get some
files. I need that script to run everyday automatically on machine
that many people
have access to - but I do not want them to know the username or
password for that
FTP server. Is there a way to save encrypted password with the script
but prevent
people form modifying script to access the FTP server for different
purposes?

I usually write those kinds of scripts such that they access a file
which is in my home directory and readable only be me. Maybe using a
file that already has the username and password may be a good idea, I
usually take my ~/.muttrc for that purpose.
Then write a short code sequence which opens, reads and parses, and
closes that file and extracts the username and password.
Then use that information for authentication.

------
my $muttrc = $ENV{HOME} . '/.muttrc';
open(my $rc, '<', $muttrc) or die "$0: Cannot open $muttrc: $!\n";
my %info;
while (<$rc>) {
if (/^\s*set\s+imap_user\s*=\s*(\S+)/) {
$info{imap_user} = $1;
next;
}
if (/^\s*set\s+imap_pass\s*=\s*(\S+)/) {
$info{imap_pass} = $1;
next;
}
}
close $rc;
------

This has the added advantage that you have one place less where your
password ist stored and might need to be updated and also that you can
give this program to others that can use it without having to modify it.

Josef
 
C

cartercc

Howdy - I want my script to make connection to FTP server and get some
files. I need that script to run everyday automatically on machine
that many people
have access to - but I do not want them to know the username or
password for that
FTP server. Is there a way to save encrypted password with the script
but prevent
people form modifying script to access the FTP server for different
purposes?

Hiding your username and password in this circumstance is impossible
-- the remote server needs both the username and password in order to
authenticate the connection, and any automated solution will have to
include this in a form that can be read by the remote server.

My solution is to 'hide' the username and password in a separate
configuration file that only the script can open and read, but of
course if it's in any kind of file it can be hacked.

If you have access to the remote server, you could write a script to
push your data from the server to your local machine, that is, FTP
into your machine from the remote server.

You can also enable accounting on the remote machine to log FTP
sessions so as to detect unauthorized access. This may or may not meet
your needs.

The bottom line is that if you really need to secure your username and
password, don't store them in any file on your machine. Manually
FTPing to the remote server is the price you pay for security.

CC
 
J

Jürgen Exner

Woland99 said:
Howdy - I want my script to make connection to FTP server and get some
files. I need that script to run everyday automatically on machine
that many people
have access to - but I do not want them to know the username or
password for that
FTP server.

Why not just read-protect the script or UID/password, such that it can
only be accessed by you? Depending on your system this still may not
stop the admin.

If that is a concern then you need to encrypt either. And don't store
the key on the same system or it's an open barn door for the admin
again.

jue
 
T

Tim Greer

Woland99 said:
Howdy - I want my script to make connection to FTP server and get some
files. I need that script to run everyday automatically on machine
that many people
have access to - but I do not want them to know the username or
password for that
FTP server. Is there a way to save encrypted password with the script
but prevent
people form modifying script to access the FTP server for different
purposes?

JT

FTP is clear text, you can't encrypt it, unless you decrypt somewhere in
the process (or on the other end), which probably defeats the purpose,
since that's the method someone else would just be able to use anyway.
I could only suggest using sftp, scp or rsync over SSH with a trusted
key. Of course, the problem is, if people have access to the system,
it doesn't matter a whole lot, since the trusted key allows them access
without a password. Otherwise, they can see the password in plain
text, which means they have the same trusted access once authenticated
-- and besides having that access, they have the password as well.

You can also time it with firewalls to only allow connections from the
system to the server at certain times. The best solution, is if you're
uploading from the system, is to find the most secure way of doing it,
but make it so that the FTP account it uploads to, is separate from
anything else (not full or other access to the remote account you
upload to). Make it so you can only upload (the files can be hidden
from view on the client end once they are uploaded). For the script
initiating this, you can try and hide the file name, the job, and also
make it so only your user has read permissions on the script used (the
last part is the most important -- how are you at risk of others
reading the script or being able to log into your account that runs
this process? That's the biggest problem you should find a resolution
for). You make it sound like this is a system that anyone can access,
is that the case? If so, what's stopping people from reading any of
your data or modifying that data?

Ultimately, if this is a system where anyone can access and somehow view
or gain access to the script or password, you should initiate the FTP
session (or better yet, a more secure method) from the _server_ side
(where you want the files stored) and have it connect to the system and
transfer the files _from_ it, which is the best scenario in this case
regardless of how people can access it (assuming the other end is more
secure). That way, none of the other users on the system you're
wanting to transfer files from, will have a way to access the server
end. You can do that with trusted keys or some more secure transfer
method, but FTP will work fine as well, assuming the server end can be
trusted with the same dilemma you have on the system in question.
 
S

Steve Roscio

Woland99 crawled from the grave and scrawled, on 01/12/2009 01:10 AM in
the darkness of night:
Howdy - I want my script to make connection to FTP server and get some
files. I need that script to run everyday automatically on machine
that many people
have access to - but I do not want them to know the username or
password for that
FTP server. Is there a way to save encrypted password with the script
but prevent
people form modifying script to access the FTP server for different
purposes?

JT

Another option might be to physically separate the password from the
application, onto a USB stick or CD or something convenient for you to
use. Then the application will look for the credentials in this place
whenever it needs it. You'll have to get in the habit of inserting the
"key" when you do the FTP, and remove it when you're done.

This is by no means a secure solution, but it's better than embedding
the password in the application.
 
W

Woland99

FTP is clear text, you can't encrypt it, unless you decrypt somewhere in
the process (or on the other end), which probably defeats the purpose,
since that's the method someone else would just be able to use anyway.
I could only suggest using sftp, scp or rsync over SSH with a trusted
key.  Of course, the problem is, if people have access to the system,
it doesn't matter a whole lot, since the trusted key allows them access
without a password.  Otherwise, they can see the password in plain
text, which means they have the same trusted access once authenticated
-- and besides having that access, they have the password as well.

You can also time it with firewalls to only allow connections from the
system to the server at certain times.  The best solution, is if you're
uploading from the system, is to find the most secure way of doing it,
but make it so that the FTP account it uploads to, is separate from
anything else (not full or other access to the remote account you
upload to).  Make it so you can only upload (the files can be hidden
from view on the client end once they are uploaded).  For the script
initiating this, you can try and hide the file name, the job, and also
make it so only your user has read permissions on the script used (the
last part is the most important -- how are you at risk of others
reading the script or being able to log into your account that runs
this process?  That's the biggest problem you should find a resolution
for).  You make it sound like this is a system that anyone can access,
is that the case?  If so, what's stopping people from reading any of
your data or modifying that data?

Ultimately, if this is a system where anyone can access and somehow view
or gain access to the script or password, you should initiate the FTP
session (or better yet, a more secure method) from the _server_ side
(where you want the files stored) and have it connect to the system and
transfer the files _from_ it, which is the best scenario in this case
regardless of how people can access it (assuming the other end is more
secure).  That way, none of the other users on the system you're
wanting to transfer files from, will have a way to access the server
end.  You can do that with trusted keys or some more secure transfer
method, but FTP will work fine as well, assuming the server end can be
trusted with the same dilemma you have on the system in question.
--
Tim Greer, CEO/Founder/CTO, BurlyHost.com, Inc.
Shared Hosting, Reseller Hosting, Dedicated & Semi-Dedicated servers
and Custom Hosting.  24/7 support, 30 day guarantee, secure servers.
Industry's most experienced staff! -- Web Hosting With Muscle!

Thanks for your comments - indeed the general concerns about data
security (on top of not giving away FTP login/passwd) are valid -
basically once I download files from the server I need to provide
some level of security for it. I do not know much at all about
security or encryption but my idea for protecting passwd/login
info in the script was something along the line:
I would have file containing encrypted password that would be
generated using encryption key. Using same key I could create
digital signature of the script that would try to get the password
out of that file. So everytime I edit the script I would need to
reset its digital signature in the file contains encrypted password.
If script comes in and asks for passwd and the digital signature
of the script (computed at that point) matches the signature that
was last stored with passwd then it would be give the password
value. Sorry if that is all gibberish - as I said security and
encryprions are a bit of new area for me.
 
C

cartercc

Thanks for your comments - indeed the general concerns about data
security (on top of not giving away FTP login/passwd) are valid -
basically once I download files from the server I need to provide
some level of security for it. I do not know much at all about
security or encryption but my idea for protecting passwd/login
info in the script was something along the line:
I would have file containing encrypted password that would be
generated using encryption key. Using same key I could create
digital signature of the script that would try to get the password
out of that file. So everytime I edit the script I would need to
reset its digital signature in the file contains encrypted password.
If script comes in and asks for passwd and the digital signature
of the script (computed at that point) matches the signature that
was last stored with passwd then it would be give the password
value. Sorry if that is all gibberish - as I said security and
encryprions are a bit of new area for me.

Essentially, you need to decide between convenience and security.
Storing a password in any kind of permanent file is inherently
insecure but convenient. Not storing a password is inconvenient but
avoids the risk of unauthorized access to your password file.

At least the file system uses a one way hash to authenticate users,
but one way hashes can be hacked by brute force which is why long
password are better than short ones. With ftp, you don't even have
this option, unless you use a secure connection.

CC
 
J

J. Gleixner

Woland99 wrote:
[...]
value. Sorry if that is all gibberish - as I said security and
encryprions are a bit of new area for me.

If you're actually dealing with sensitive data (SSN, medical
history, etc.) then you shouldn't be the one doing this project.
Find someone in your company who DOES know this and get them
to work on this with you.
 
W

Woland99

Woland99 wrote:

[...]
value. Sorry if that is all gibberish - as I said security and
encryprions are a bit of new area for me.

If you're actually dealing with sensitive data (SSN, medical
history, etc.) then you shouldn't be the one doing this project.
Find someone in your company who DOES know this and get them
to work on this with you.

No worries - those are not personal data or credit card numbers.
I would not try do any such thing with my skills.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top