Project and Portfolio Management Practitioners Forum
cancel

How do I suppress passwords from the log?

Highlighted
Johan Holmqvist
Regular Contributor.

How do I suppress passwords from the log?

Hi,
Cust is using "ksc_simple_respond" to execute a UNIX shell script with the following syntax
ksc_simple_respond #./script.sh# -hide #Username/Passwd:# #userX/passY#

The problem is that even though we use the -hide option the password is revealed when a read command is done by the UX-shell as following:

echo "Username/Passwd: \c"
read PASSWD

I have tried

echo "Username/Passwd: \c"
stty -echo
read PASSWD
stty echo

Makes no difference

This is the output we get in the ppm log:

./que.sh
Username/Passwd: **** # Ok (-hide)
Waiting for command prompt
userX/passY # HOW can we get rid of this?

How can we supress the password completely, different approach, probably?

"It work´s but I have´nt tested it"
3 REPLIES
Johan Holmqvist
Regular Contributor.

Re: How do I suppress passwords from the log?

Is there any way to suppress standard output from a UNIX-shell in the PPM-log? To me it seems like the only way to not reveal passwords in the log is to have ksc_simple_respond to answer password requests directly and not store them in tokens/variables like cust do. Encrypt them in some way maybe? Any ideas?
"It work´s but I have´nt tested it"
Jim Esler
Acclaimed Contributor.

Re: How do I suppress passwords from the log?

We got around this problem by using the expect command to handle these interactions. As long as the password is in the expect command line and not in the script, it is hidden.
Johan Holmqvist
Regular Contributor.

Re: How do I suppress passwords from the log?

Exactly my findings too, the problem is that would mean redesign of 350 scripts and a bunch of object types.. it feels like it would be rather simple to develop a ksc_echo_off, ksc_echo_on, ksc_redirect_output..? I for sure would use it:-)
"It work´s but I have´nt tested it"