On 12/06/2009 6:08 PM, miller_2555 wrote:
Hi -
I'm creating a package of database tools. A function in the package
requires the username and password as input to the function in order to
initially connect to the target database(s). Of course, this poses a
significant security issue given the possible retention of the function
statement in cleartext. I did not readily encounter a package meant to mask
input from the user nor do I know of any method to prevent sensitive
information from appearing on-screen or from logging in the command history
of a running R session. While using the --vanilla option when starting R
helps with permanent logging of sensitive information, it is not always
preferable to run R with special flags. Is any solution available to
prevent the logging/ display of user input. Obviously, hard-coding the
sensitive information is not an option.
Note: I currently use the following (summarized) convention:
myloginfunction <- function(uname = readline("Enter username") , passwd =
readline("Enter password")) { print(c(uname,passwd)); };
However, the readline function prints the response on-screen.
I think you want to use a GUI toolkit for this. For example, with tcltk
(which is available on all platforms):
library(tcltk)
tt<-tktoplevel()
Password <- tclVar("")
entry.Password <-tkentry(tt,width="20",textvariable=Password,show="*")
tkgrid(tklabel(tt,text="Please enter your password."))
tkgrid(entry.Password)
OnOK <- function()
{
tkdestroy(tt)
Password <<- tclvalue(Password)
cat("The password was ", Password, "\n")
}
OK.but <-tkbutton(tt,text=" OK ",command=OnOK)
tkbind(entry.Password, "<Return>",OnOK)
tkgrid(OK.but)
tkfocus(tt)
(This is modified from an example on James Wettenhall's page
http://bioinf.wehi.edu.au/~wettenhall/RTclTkExamples/).
Duncan Murdoch
______________________________________________
R-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
