Passwords in cron scripts

Peter Hansen peter at engcorp.com
Sat Dec 24 14:35:34 CET 2005


Mark Carter wrote:
> I have some python scripts that run as cron jobs. They connect to 
> external resources (like a newsserver) - for which passwords are 
> required. I currently have them stored in the scripts themselves (ouch!) 
> - and was wondering if there was a more secure solution.

Secure from whom?  It's likely they are already being sent in clear text 
when they are transmitted to the server, so at the very least they are 
visible to anyone on that machine or on any other machine on your 
network who can run something like tcpdump, and to anyone with access to 
any of the machines on any of the other networks which carry traffic 
between yours and the ultimate network where the server lives.

That's a lot of people already, without even looking at people with 
login access to the machine in question.

-Peter




More information about the Python-list mailing list