How to take password from user

[sujeet kumar]

Hi
I have to take some password from user in a Ruby Program. I want
that when he type password an echo character like * prints on screen
and the program gets the password as string. I am using Ruby function
"gets" to get password. I don't want password to be seen by others.
Suggest me some way.
Thanks
sujeet

 

[James Edward Gray II]

Hi
I have to take some password from user in a Ruby Program. I want
that when he type password an echo character like * prints on screen
and the program gets the password as string. I am using Ruby function
"gets" to get password. I don't want password to be seen by others.
Suggest me some way.

The HighLine library (http://highline.rubyforge.org/) on RubyForge
makes this (and more) trivial. Here's an example using that library:

#!/usr/local/bin/ruby -w

require "rubygems"
require "highline/import"

pass = ask("Enter your password: ") { |q| q.echo = false } # or
q.echo = "*"
puts "Your password is #{pass}!"

__END__

Hope that helps.

James Edward Gray II

 

[Ara.T.Howard]

The HighLine library (http://highline.rubyforge.org/) on RubyForge makes this
(and more) trivial. Here's an example using that library:

#!/usr/local/bin/ruby -w

require "rubygems"
require "highline/import"

pass = ask("Enter your password: ") { |q| q.echo = false } # or q.echo = "*"
puts "Your password is #{pass}!"

__END__

Hope that helps.

James Edward Gray II

does this clear out the password buffer in memory?

-a
--
===============================================================================
| email :: ara [dot] t [dot] howard [at] noaa [dot] gov
| phone :: 303.497.6469
| My religion is very simple. My religion is kindness.
| --Tenzin Gyatso
===============================================================================

 

[James Edward Gray II]

does this clear out the password buffer in memory?

Forgive me if I didn't understand your question completely, but I
believe the answer is basically yes.

Behind the scenes, HighLine is using a cross platform character
reader and just accumulating the results in a local variable. It
returns the contents of that variable to you and then the scope is lost.

I hope that's what you meant, but feel free to correct me if I just
didn't get the question.

James Edward Gray II

 

[Ara.T.Howard]

Forgive me if I didn't understand your question completely, but I believe the
answer is basically yes.

Behind the scenes, HighLine is using a cross platform character reader and
just accumulating the results in a local variable. It returns the contents
of that variable to you and then the scope is lost.

I hope that's what you meant, but feel free to correct me if I just didn't
get the question.

hmmm... it's probably still in memory for a while unless there is an explicit
method to clear it. some password libs have this feature.

thanks.

-a
--
===============================================================================
| email :: ara [dot] t [dot] howard [at] noaa [dot] gov
| phone :: 303.497.6469
| My religion is very simple. My religion is kindness.
| --Tenzin Gyatso
===============================================================================

 

[James Edward Gray II]

hmmm... it's probably still in memory for a while unless there is
an explicit
method to clear it. some password libs have this feature.

I'm trying to envision how I could improve this... If you can give
me any suggestions, I'll be happy to consider them for a future release.

To be clear though, I'm in no away claiming that HighLine offers
ironclad security. It seemed to me that the original question was
how to hide a password from casual onlookers and HighLine does make
that trivial, I think.

James Edward Gray II

 

[Marcel Molina Jr.]

I have to take some password from user in a Ruby Program. I want
that when he type password an echo character like * prints on screen
and the program gets the password as string. I am using Ruby function
"gets" to get password. I don't want password to be seen by others.
Suggest me some way.

Aside from the Highline approach already mentioned there is a password
library in Ruby:

http://www.caliban.org/ruby/ruby-password.shtml

marcel

 

[James Edward Gray II]

hmmm... it's probably still in memory for a while unless there is
an explicit
method to clear it. some password libs have this feature.

Would something like the following be an improvement, do you think?

#!/usr/local/bin/ruby -w

def fetch_password
pass = ""
pass << "password"
pass
ensure
pass = nil
end

p fetch_password # => "password"

__END__

James Edward Gray II

 

[Guillaume Marcais]

Would something like the following be an improvement, do you think?

#!/usr/local/bin/ruby -w

def fetch_password
pass = ""
pass << "password"
pass
ensure
pass = nil
end

p fetch_password # => "password"

__END__

Or something like (untested):

def fetch_password
pass = ""
pass << "password"
yield pass
ensure
pass[0..-1] = "\0" * pass.size
pass = nil
end

fetch_password do |pass|
# check validity but do not copy/link pass anywhere
end


Guillaume.