
November 25, 2015

Comments


Interesting. We just have to think about the username and password problem in a team environment.

We looked at how encryption can be done using the PKI package. But as you noted in your post, one has to save the username and password somewhere to avoid re-entering them over and over again.

Our current solution is to type it when needed and never save.

As D commented, for the best security, you have to type your password each time.

password = readline("Enter your password > ")

works, but doesn't prevent access by people looking over your shoulder.

You can have obscured text if you type into a gWidgets GUI. Something like:

library(methods)
library(gWidgets2tcltk)

# Reference class wrapping a small window with a masked text box
passwordEntryFactory <- setRefClass(
  "PasswordEntry",
  fields = list(
    win = "ANY",
    txt = "ANY",
    pw = "ANY"
  ),
  methods = list(
    initialize = function(...)
    {
      win <<- gwindow(
        "Enter your password",
        visible = FALSE,
        height = 25
      )
      txt <<- gedit(
        container = win,
        # Runs when Enter is pressed: keep the value and close the window
        handler = function(h, ...)
        {
          pw <<- svalue(txt)
          dispose(win)
        }
      )
      visible(txt) <- "*"  # show * instead of the typed characters
      visible(win) <- TRUE
    }
  )
)

getPassword <- function()
{
  passwordEntry <- passwordEntryFactory$new()
  # Wait until the window has been closed
  while(isExtant(passwordEntry$win))
  {
    Sys.sleep(0.1)
  }
  passwordEntry$pw
}

getPassword()

I sometimes store passwords in RData files too, then at least the password isn't stored in plain text, and is secure from non-R programmers.

Hi Guys,


Thanks for posting about this.
I ran into this issue recently and here is the solution I found.

1. I use the digest package, which allows AES encryption.
2. I use two functions: one that writes AES-encrypted files, the other that reads and decrypts those files.
You can find those functions here: https://github.com/sdoyen/r_password_crypt
3. Finally, I use the digest package to generate the key required to encrypt and decrypt files.
4. Once all of this is in place, I create a data frame that contains the login and the password.
5. I use the write.aes function to write the credentials locally to an encrypted file.
6. The read.aes function decrypts the credentials and imports them into R.

That way no credential appears in plain text or in the code. Additionally, one could decide to store the key elsewhere (remote server, USB drive, etc.).
Also, this solution does not require prompting for the password each time.

So,

source("crypt.R")
load("key.RData")

credentials = data.frame(login = "foo", password = "bar", stringsAsFactors = FALSE)
write.aes(df = credentials, filename = "credentials.txt", key = key)
rm(credentials)
credentials = read.aes(filename = "credentials.txt", key = key)
print(credentials)


I hope this helps,

S.
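
The encrypted-credentials workflow from the comment above, as an added example that is not part of the original comment and is not the code from the linked r_password_crypt repository. It assumes the digest and openssl packages are installed (openssl is used only for random bytes); `pad`, `unpad`, `write_encrypted` and `read_encrypted` are hypothetical helper names, and the temp-file paths are constructed for the demo.

```r
library(digest)  # AES(), the cipher used in the comment above

# digest's AES works on whole 16-byte blocks, so pad with PKCS#7.
pad <- function(x) {
  n <- 16L - (length(x) %% 16L)
  c(x, as.raw(rep(n, n)))
}
unpad <- function(x) {
  n <- as.integer(x[length(x)])
  if (n < 1L || n > 16L || any(tail(x, n) != as.raw(n)))
    stop("bad padding: wrong key or damaged file")
  head(x, length(x) - n)
}

# Hypothetical helper: write IV || AES-256-CBC ciphertext of the CSV text.
write_encrypted <- function(df, path, key) {
  csv <- paste(capture.output(write.csv(df, row.names = FALSE)), collapse = "\n")
  iv  <- openssl::rand_bytes(16)   # fresh random IV on every write
  aes <- AES(key, mode = "CBC", iv)
  writeBin(c(iv, aes$encrypt(pad(charToRaw(csv)))), path)
}

# Hypothetical helper: split off the IV, decrypt, parse back to a data frame.
read_encrypted <- function(path, key) {
  blob <- readBin(path, "raw", n = file.size(path))
  if (length(blob) < 32L || length(blob) %% 16L != 0L) stop("truncated file")
  aes <- AES(key, mode = "CBC", blob[1:16])  # CBC decryption needs a new object
  csv <- rawToChar(unpad(aes$decrypt(blob[-(1:16)], raw = TRUE)))
  read.csv(text = csv, colClasses = "character")
}

# Constructed demo: temp files stand in for the real key and project paths.
key_file  <- tempfile("key_")          # in practice, outside the project tree
cred_file <- tempfile("credentials_")
writeBin(openssl::rand_bytes(32), key_file)  # 256-bit key, generated once
Sys.chmod(key_file, "600")                   # owner-only on Unix-alikes

key <- readBin(key_file, "raw", n = 32)
write_encrypted(data.frame(login = "foo", password = "bar"), cred_file, key)
creds <- read_encrypted(cred_file, key)
stopifnot(identical(creds$password, "bar"))

# CBC gives confidentiality only; it does not detect a modified file.
```

The protection rests entirely on where the key file lives: anyone who can read both the key and the encrypted file can recover the credentials.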

We use method #2, but store the files in a folder outside the project. We have secure storage available to all users on a SAN, so storage in text files isn't as much of a problem. The user's area on the SAN is accessible only to them, and is highly encrypted. You could use other storage somewhere else of course.

Then you can create a symlink in the project to the folder on the SAN. We're on Windows for development and we use Git for version control, so we use a simple .bat script to create the link and add the files to .gitignore. You could use bash or whatever depending on your environment.

mklink /J credentials "PATH_TO_SAN_STORAGE\credentials"
ECHO.>> .gitignore
ECHO credentials/* >> .gitignore
ECHO !credentials/credential.template >> .gitignore
ECHO !credentials/readme >> .gitignore

With every new project, we can copy the .bat file into the project folder, run it, and have easy access to our personal credentials.

The comments to this entry are closed.
